CVE-2017-17790
ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.
La función lazy_initialize en lib/resolv.rb en Ruby hasta la versión 2.4.3 utiliza Kernel#open, lo que podría permitir ataques de inyección de comandos, tal y como demuestra un argumento Resolv::Hosts::new que comience con un carácter "|". Esta es una vulnerabilidad diferente a CVE-2017-17405. NOTA: es altamente improbable que se den situaciones con entradas no fiables.
The "lazy_initialize" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-20 CVE Reserved
- 2017-12-20 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-05-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/ruby/ruby/pull/1777 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0378 | 2018-08-03 | |
| https://access.redhat.com/errata/RHSA-2018:0583 | 2018-08-03 | |
| https://access.redhat.com/errata/RHSA-2018:0584 | 2018-08-03 | |
| https://access.redhat.com/errata/RHSA-2018:0585 | 2018-08-03 | |
| https://www.debian.org/security/2018/dsa-4259 | 2018-08-03 | |
| https://access.redhat.com/security/cve/CVE-2017-17790 | 2018-03-26 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1528218 | 2018-03-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.2 <= 2.2.8 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.2 <= 2.2.8" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.3 <= 2.3.5 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.3 <= 2.3.5" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.4 <= 2.4.2 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.4 <= 2.4.2" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.5.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.5.0" | preview1 |
Affected
| ||||||