CVE-2017-17405 – Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection
https://notcve.org/view.php?id=CVE-2017-17405
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. Ruby en versiones anteriores a la 2.4.3 permite la inyección de comandos Net::FTP. • https://www.exploit-db.com/exploits/43381 http://www.securityfocus.com/bid/102204 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0584 https://access.redhat.com/errata/RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2019:2806 https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html https://lists.debian.org/debian-lts-announce • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-14033 – ruby: Buffer underrun in OpenSSL ASN1 decode
https://notcve.org/view.php?id=CVE-2017-14033
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. El método decode en el módulo OpenSSL::ASN1 en Ruby en versiones anteriores a la 2.2.8, versiones 2.3.x anteriores a 2.3.5, y 2.4.x hasta la 2.4.1 permite que los atacantes provoquen una denegación de servicio (cierre inesperado del intérprete) mediante una string manipulada. It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. • http://www.securityfocus.com/bid/100868 http://www.securitytracker.com/id/1039363 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://security.gentoo.org/glsa/201710-18 https://www.debian.org/security/2017/dsa-4031 https://www.ruby-lang.org/en/news/2017/09/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-10784 – ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
https://notcve.org/view.php?id=CVE-2017-10784
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. El código de autenticación Basic en la biblioteca WEBrick en Ruby en versiones anteriores a la 2.2.8, 2.3.x anteriores a la 2.3.5 y 2.4.x hasta la 2.4.1 permite que atacantes remotos inyecten secuencias de escape del emulador del terminal en su registro y que puedan ejecutar comandos arbitrarios mediante un nombre de usuario manipulado. It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. • http://www.securityfocus.com/bid/100853 http://www.securitytracker.com/id/1039363 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://security.gentoo.org/glsa/201710-18 https://usn.ubuntu.com/3528-1 https://usn • CWE-117: Improper Output Neutralization for Logs CWE-287: Improper Authentication •
CVE-2017-0898 – ruby: Buffer underrun vulnerability in Kernel.sprintf
https://notcve.org/view.php?id=CVE-2017-0898
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. Ruby, en versiones anteriores a la 2.4.2, 2.3.5 y 2.2.8, es vulnerable a una cadena de formato maliciosa qe contiene un especificador (*) con un valor grande negativo. Esta situación puede provocar un desbordamiento de búfer, provocando una corrupción de la memoria dinámica (heap) o una fuga de información de dicha memoria dinámica. A buffer underflow was found in ruby's sprintf function. • http://www.securityfocus.com/bid/100862 http://www.securitytracker.com/id/1039363 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/mruby/mruby/issues/3722 https://hackerone.com/reports/212241 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://security.gentoo.org/glsa/201710-18 https:/ • CWE-122: Heap-based Buffer Overflow CWE-134: Use of Externally-Controlled Format String •
CVE-2014-6438
https://notcve.org/view.php?id=CVE-2014-6438
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. El método URI.decode_www_form_component en versiones de Ruby anteriores a la 1.9.2-p330 permite que atacantes remotos provoquen una denegación de servicio (expresión regular catastrófica, consumo de recursos o bloqueo de la aplicación) utilizando un string manipulado. • http://www.openwall.com/lists/oss-security/2015/07/13/6 http://www.securitytracker.com/id/1032874 https://github.com/ruby/www.ruby-lang.org/issues/817 https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released • CWE-399: Resource Management Errors •