CVE-2017-0901
Published 2017-08-31
CVSS 3.0: 7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EXPLOIT
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
Affected (22 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | rubygems | < rubygems 3.2.0~rc.1-1 (bookworm) | rubygems 3.2.0~rc.1-1 (bookworm) |
| hackerone | rubygems | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| rubygems | rubygems | <= 2.6.12 | — |
| rubygems | rubygems | >= 0 < 3.2.0~rc.1-1 | 3.2.0~rc.1-1 |
| rubygems | rubygems | >= 0 < 3.2.0~rc.1-1 | 3.2.0~rc.1-1 |
| rubygems | rubygems | >= 0 < 3.2.0~rc.1-1 | 3.2.0~rc.1-1 |
| rubygems | rubygems | >= 0 < 3.2.0~rc.1-1 | 3.2.0~rc.1-1 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.0) | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| osv | 9.1 | CRITICAL | — |
OSV
RubyGems may allow a maliciously crafted gem to overwrite files
osv·2022-05-13
CVE-2017-0901 [HIGH] RubyGems may allow a maliciously crafted gem to overwrite files
RubyGems versions 2.6.12 and earlier fail to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
GHSA
RubyGems may allow a maliciously crafted gem to overwrite files
ghsa·2022-05-13
CVE-2017-0901 [HIGH] CWE-20 RubyGems may allow a maliciously crafted gem to overwrite files
RubyGems versions 2.6.12 and earlier fail to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
OSV
ruby2.0 regression
osv·2021-03-25·CVSS 9.1
CVE-2017-0903 [CRITICAL] ruby2.0 regression
USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced
a regression in Ruby. This update fixes the problem.
Original advisory details:
Some of these CVEs were already addressed in previous
USNs: 3439-1, 3553-1, 3528-1. Here we address
the remaining releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls.
OSV
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
osv·2018-06-13·CVSS 9.1
CVE-2017-0898 [CRITICAL] ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
Some of these CVEs were already addressed in previous
USNs: 3439-1, 3553-1, 3528-1. Here we address
the remaining releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls. (CVE-2017-0902)
It was discovered that Ruby incorrectly handled certain YAML files.
An attacker could use this to possibly execute arb
OSV
ruby2.3 vulnerabilities
osv·2018-01-31·CVSS 7.5
CVE-2017-0901 [HIGH] ruby2.3 vulnerabilities
It was discovered that Ruby failed to validate specification names.
An attacker could possibly use a maliciously crafted gem to potentially
overwrite any file on the filesystem. (CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls. (CVE-2017-0902)
It was discovered that Ruby incorrectly handled certain YAML files. An attacker could
use this to possibly execute arbitrary code. (CVE-2017-0903)
OSV
ruby1.9.1 vulnerabilities
osv·2017-10-05·CVSS 9.1
CVE-2017-0898 [CRITICAL] ruby1.9.1 vulnerabilities
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun.
(CVE-2017-0898)
Yusuke Endoh discovered that Ruby incorrectly handled certain files.
An attacker could use this to execute terminal escape sequences.
(CVE-2017-0899)
Yusuke Endoh discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a denial of service.
(CVE-2017-0900)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execute arbitrary code.
(CVE-2017-10784)
It was discovered that Ruby incorrectly handled certain inp
OSV
CVE-2017-0901: RubyGems version 2
osv·2017-08-31·CVSS 7.5
CVE-2017-0901 [HIGH] CVE-2017-0901: RubyGems version 2
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
Ubuntu
Ruby regression
vendor_ubuntu·2021-03-25·CVSS 9.1
CVE-2017-0903 [CRITICAL] Ruby regression
Title: Ruby regression
Summary: USN-3685-1 introduced a regression in Ruby.
USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced
a regression in Ruby. This update fixes the problem.
Original advisory details:
Some of these CVEs were already addressed in previous
USNs: 3439-1, 3553-1, 3528-1. Here we address
the remaining releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2018-06-13·CVSS 9.1
CVE-2017-0898 [CRITICAL] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
Some of these CVEs were already addressed in previous
USNs: 3439-1, 3553-1, 3528-1. Here we address
the remaining releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls. (CVE-2017-0902)
It was discovered that Ruby incorrectly handled certain YAML files.
An attacker
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2018-01-31·CVSS 7.5
CVE-2017-0901 [HIGH] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby failed to validate specification names.
An attacker could possibly use a maliciously crafted gem to potentially
overwrite any file on the filesystem. (CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls. (CVE-2017-0902)
It was discovered that Ruby incorrectly handled certain YAML files. An attacker could
use this to possibly execute arbitrary code. (CVE-2017-0903)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2017-10-05·CVSS 9.1
CVE-2017-0898 [CRITICAL] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun.
(CVE-2017-0898)
Yusuke Endoh discovered that Ruby incorrectly handled certain files.
An attacker could use this to execute terminal escape sequences.
(CVE-2017-0899)
Yusuke Endoh discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a denial of service.
(CVE-2017-0900)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execute arbitrary code.
(CVE-2017-10784)
It
Red Hat
rubygems: Arbitrary file overwrite due to incorrect validation of specification name
vendor_redhat·2017-09-01·CVSS 7.5
CVE-2017-0901 [HIGH] CWE-138 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.
Statement: This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the
Debian
CVE-2017-0901: rubygems - RubyGems version 2.6.12 and earlier fails to validate specification names, allow...
vendor_debian·2017·CVSS 7.5
CVE-2017-0901 [HIGH] CVE-2017-0901: rubygems - RubyGems version 2.6.12 and earlier fails to validate specification names, allow...
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
Scope: local
bookworm: resolved (fixed in 3.2.0~rc.1-1)
bullseye: resolved (fixed in 3.2.0~rc.1-1)
forky: resolved (fixed in 3.2.0~rc.1-1)
sid: resolved (fixed in 3.2.0~rc.1-1)
trixie: resolved (fixed in 3.2.0~rc.1-1)
No detection rules found.
Bugzilla
CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 rubygems: various flaws [fedora-all]
bugzilla·2017-09-01·CVSS 9.8
CVE-2017-0899 [CRITICAL] CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 rubygems: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
Bugzilla
CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
bugzilla·2017-09-01·CVSS 7.5
CVE-2017-0901 [HIGH] CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
RubyGems version 2.6.12 and earlier fails to validate specification
names, allowing a maliciously crafted gem to potentially overwrite any
file on the filesystem.
Upstream patch:
https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2
Bug report:
https://hackerone.com/reports/243156
External References:
http://blog.rubygems.org/2017/08/27/2.6.13-released.html
Discussion:
Created ruby193-rubygems tracking bugs for this issue:
Affects: openshift-1 [bug 1487592]
Created rubygems tracking bugs for this issue:
Affects: fedora-all [bug 1487591]
Affects: openshift-1 [bug 1487593]
---
This issue has been addressed in the following products:
Red Hat Softwar
References
http://blog.rubygems.org/2017/08/27/2.6.13-released.html
http://www.securityfocus.com/bid/100580
http://www.securitytracker.com/id/1039249
https://access.redhat.com/errata/RHSA-2017:3485
https://access.redhat.com/errata/RHSA-2018:0378
https://access.redhat.com/errata/RHSA-2018:0583
https://access.redhat.com/errata/RHSA-2018:0585
https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2
https://hackerone.com/reports/243156
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://security.gentoo.org/glsa/201710-01
https://usn.ubuntu.com/3553-1/
https://usn.ubuntu.com/3685-1/
https://www.debian.org/security/2017/dsa-3966
https://www.exploit-db.com/exploits/42611/