CVE-2017-17405
Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
Ruby en versiones anteriores a la 2.4.3 permite la inyección de comandos Net::FTP. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile y puttextfile emplean Kernel#open para abrir un archivo local. Si el argumento localfile empieza por el carácter "|", el comando que lo siga se ejecutará. El valor por defecto de localfile es File.basename(remotefile), por lo que servidores FTP maliciosos podrían provocar la ejecución de comandos arbitrarios.
It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-05 CVE Reserved
- 2017-12-15 CVE Published
- 2024-02-10 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (16)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/102204 | Third Party Advisory | |
http://www.securitytracker.com/id/1042004 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/43381 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released | 2019-09-19 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:0378 | 2019-09-19 | |
https://access.redhat.com/errata/RHSA-2018:0583 | 2019-09-19 | |
https://access.redhat.com/errata/RHSA-2018:0584 | 2019-09-19 | |
https://access.redhat.com/errata/RHSA-2018:0585 | 2019-09-19 | |
https://access.redhat.com/errata/RHSA-2019:2806 | 2019-09-19 | |
https://www.debian.org/security/2018/dsa-4259 | 2019-09-19 | |
https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405 | 2019-09-19 | |
https://access.redhat.com/security/cve/CVE-2017-17405 | 2019-09-19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1526189 | 2019-09-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.2 <= 2.2.8 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.2 <= 2.2.8" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.3 <= 2.3.5 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.3 <= 2.3.5" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.4 <= 2.4.2 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.4 <= 2.4.2" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.5.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.5.0" | preview1 |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
|