CVE-2015-7551
ruby: DL:: dlopen could open a library with tainted library name
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
La implementación Fiddle::Handle en ext/fiddle/handle.c en Ruby en versiones anteriores a 2.0.0-p648, 2.1 en versiones anteriores a 2.1.8 y 2.2 en versiones anteriores a 2.2.4, según se distribuye en Apple OS X en versiones anteriores a 10.11.4 y otros productos, no maneja correctamente el tainting, lo que permite a atacantes dependientes del contexto ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una cadena manipulada, relacionado con el módulo DL y la librería libffi. NOTA: esta vulnerabilidad existe por una regresión de CVE-2009-5147.
It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-29 CVE Reserved
- 2016-03-22 CVE Published
- 2024-08-06 CVE Updated
- 2025-07-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-267: Privilege Defined With Unsafe Actions
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344 | X_refsource_confirm | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551 | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/76060 | Vdb Entry | |
| https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a | X_refsource_confirm | |
| https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html | X_refsource_confirm | |
| https://puppet.com/security/cve/ruby-dec-2015-security-fixes | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551 | 2018-03-28 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | 2018-03-28 | |
| https://access.redhat.com/errata/RHSA-2018:0583 | 2018-03-28 | |
| https://support.apple.com/HT206167 | 2018-03-28 | |
| https://access.redhat.com/security/cve/CVE-2015-7551 | 2018-03-26 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1248935 | 2018-03-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.11.3 Search vendor "Apple" for product "Mac Os X" and version " <= 10.11.3" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | <= 2.0.0-p647 Search vendor "Ruby-lang" for product "Ruby" and version " <= 2.0.0-p647" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.0" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.1 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.1" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.2 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.2" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.3 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.3" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.4 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.4" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.5 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.5" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.6 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.6" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.7 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.7" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.2.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.2.0" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.2.1 Search vendor "Ruby-lang" for product "Ruby" and version "2.2.1" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.2.2 Search vendor "Ruby-lang" for product "Ruby" and version "2.2.2" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.2.3 Search vendor "Ruby-lang" for product "Ruby" and version "2.2.3" | - |
Affected
| ||||||