SB2020021905 - Red Hat update for ruby



Published: February 19, 2020

Security Bulletin ID: SB2020021905
Severity: High
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 11% (1 of 9)
Low: 89% (8 of 9)

Description

This security bulletin contains information about 9 security vulnerabilities.


1) Path traversal (CVE-ID: CVE-2018-1000073)

The vulnerability allows a remote attacker to write files outside the intended installation directory on the target system.

The weakness exists in the install_location function of package.rb in RubyGems due to path traversal when writing to a symlinked basedir outside of the root: the destination path is checked lexically, so a gem entry whose parent directory is a symlink pointing outside the installation root passes the check and is written through the symlink. A remote attacker can trick the victim into installing a specially crafted gem and write files outside the gem's installation directory.

2) Deserialization of untrusted data (CVE-ID: CVE-2018-1000074)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the gem owner command due to deserialization of untrusted data: the YAML response returned by the gem server is fully deserialized, so a malicious or compromised server can return a document that instantiates arbitrary Ruby objects on the client. A remote attacker can execute arbitrary code when the victim runs the gem owner command and receives a specially crafted YAML response.

Successful exploitation of the vulnerability may result in system compromise.
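The hardening for item 2 is to revive only plain data types when parsing the server's response. The following is an added example, not RubyGems code: a constructed stand-in for an owner listing, a constructed hostile response carrying a !ruby/object tag, and the unsafe and safe ways of loading it. The function names and the response layout are assumptions for illustration.

```ruby
require "yaml"

# Constructed stand-in for the body a gem server returns to `gem owner`.
BENIGN_RESPONSE = <<~YAML
  ---
  - email: alice@example.com
    handle: alice
  - email: bob@example.com
    handle: bob
YAML

# Constructed hostile body: a tagged node that full YAML deserialization turns
# into an arbitrary object. Real attacks pick gadget classes whose init_with or
# hash methods do dangerous work; a plain Object is enough to show the mechanism.
MALICIOUS_RESPONSE = <<~YAML
  --- !ruby/object:Object
  note: injected
YAML

# Pre-fix behaviour: full deserialization. Psych 4 moved this to YAML.unsafe_load;
# on older Psych, YAML.load itself does it.
def parse_response_unsafe(body)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(body) : YAML.load(body)
end

# Hardened: only Hash, Array, String, Integer, Float, true/false/nil are revived.
# Any tagged object raises Psych::DisallowedClass before anything is constructed.
def parse_response_safe(body)
  YAML.safe_load(body, permitted_classes: [], permitted_symbols: [], aliases: false)
end

# What the command actually needs from the response: a list of owner handles.
def owner_handles(body)
  parse_response_safe(body).map { |owner| owner.fetch("handle") }
end

# true when the safe parser refuses the document because of a class tag.
def rejects_tagged_object?(body)
  parse_response_safe(body)
  false
rescue Psych::DisallowedClass
  true
end
```

The unsafe path yields a live Object with an attacker-chosen instance variable; the safe path refuses the same bytes before allocation. The `permitted_classes: []` list is the allow-list to extend if the response legitimately needs richer types.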

3) Infinite loop (CVE-ID: CVE-2018-1000075)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the parsing of gem package tar headers: a negative value in a header's size field causes an infinite loop. A remote attacker can trick the victim into running gem install on a gem containing a tar header with a negative size and make the installation hang.
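A strict tar size-field parser, as an added example (not RubyGems' TarHeader or TarReader implementation), showing how the negative size from item 3 is kept away from the padding arithmetic that would otherwise never advance the stream. The header builder and both archives are constructed here; checksum verification is deliberately omitted and GNU base-256 sizes are out of scope.

```ruby
require "stringio"

BLOCK = 512
SIZE_OFFSET = 124   # ustar: 12-byte ASCII octal size field
SIZE_LENGTH = 12
EMPTY_BLOCK = ("\0" * BLOCK).b

class CorruptTar < StandardError; end

# Parse the size field strictly: only octal digits are accepted, so a crafted
# "-0000000001" raises instead of becoming -1 (which String#oct would return).
def entry_size(header)
  raise CorruptTar, "short header" unless header.bytesize == BLOCK
  field = header.byteslice(SIZE_OFFSET, SIZE_LENGTH).sub(/[\x00 ]+\z/, "")
  raise CorruptTar, "bad size field #{field.inspect}" unless field.match?(/\A[0-7]{1,11}\z/)
  field.to_i(8)
end

# Walk the archive, yielding (name, contents) per entry. With a signed size the
# padding arithmetic below never advances the stream; entry_size prevents that.
def each_entry(io)
  loop do
    header = io.read(BLOCK)
    break if header.nil? || header == EMPTY_BLOCK   # end-of-archive marker
    size = entry_size(header)
    name = header.byteslice(0, 100).sub(/\x00.*\z/m, "")
    body = io.read(size) || "".b
    raise CorruptTar, "truncated entry #{name}" if body.bytesize != size
    io.read((BLOCK - size % BLOCK) % BLOCK)        # skip padding to next block
    yield name, body
  end
end

# Constructed ustar header for a regular file; checksum stays zero because this
# example does not verify it.
def tar_header(name, size_field)
  h = EMPTY_BLOCK.dup
  h[0, name.bytesize] = name.b
  h[100, 8] = "0000644\0".b
  h[124, 12] = size_field.b.ljust(12, "\0".b)
  h[156, 1] = "0".b
  h[257, 8] = ("ustar\0" + "00").b
  h
end

def archive_names(archive)
  names = []
  each_entry(StringIO.new(archive)) { |name, _body| names << name }
  names
end

# true when the reader refuses the archive instead of looping on it.
def corrupt?(archive)
  archive_names(archive)
  false
rescue CorruptTar
  true
end

# Constructed archives: one well-formed entry, and one with a negative size field.
GOOD_ARCHIVE = tar_header("a.txt", "%011o" % 5) + "hello".b + ("\0" * (BLOCK - 5)).b + EMPTY_BLOCK * 2
EVIL_ARCHIVE = tar_header("evil", "-0000000001") + EMPTY_BLOCK * 2
```

The same regex also rejects an all-NUL or space-only size field, which in a lenient parser reads as zero and silently produces an empty entry.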

4) Improper verification of cryptographic signature (CVE-ID: CVE-2018-1000076)

The vulnerability allows a remote attacker to bypass signature verification on the target system.

The weakness exists in package.rb due to improper verification of cryptographic signatures: a gem tarball that contains multiple gem signatures is not rejected, so a mis-signed gem can pass verification. A remote attacker can get a mis-signed gem installed on a system that relies on gem signature checking.

5) Improper input validation (CVE-ID: CVE-2018-1000077)

The vulnerability allows a remote attacker to inject an invalid URL into gem metadata.

The weakness exists due to improper URL validation of the specification homepage attribute: the value is not checked to be a well-formed http(s) URL. A remote attacker can distribute a malicious gem whose homepage attribute is set to an invalid or non-HTTP URL, which tools that display the attribute may then render without further checks.


6) Cross-site scripting (CVE-ID: CVE-2018-1000078)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists in the gem server's display of the homepage attribute due to insufficient sanitization of gem-supplied data. A remote attacker can publish a gem with a crafted homepage value to a vulnerable gem server and, when the victim browses to that gem's page on the server, execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


7) Path traversal (CVE-ID: CVE-2018-1000079)

The vulnerability allows a remote attacker to write files to arbitrary locations on the target system.

The weakness exists due to improper handling of pathnames when the affected software installs new components. A remote attacker can persuade the victim into installing a malicious gem whose file names contain directory traversal sequences and write to arbitrary file locations.

8) Resource exhaustion (CVE-ID: CVE-2018-8777)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in WEBrick's handling of large requests. A remote attacker can send an HTTP request with a crafted, very large header to a WEBrick server, or a crafted body to a WEBrick server or handler, and make the service consume excessive memory and become unavailable.

9) Path traversal (CVE-ID: CVE-2018-8780)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the Dir.open, Dir.new, Dir.entries and Dir.empty? methods due to improper checking of NUL characters in the path argument: the path is handed to the operating system, which stops at the first NUL byte, so the directory actually accessed differs from the one the application intended. A remote attacker who can influence a path passed to these methods can trigger unintentional directory traversal and read directory contents that were meant to be out of reach.
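Items 1, 7 and 9 share one check: decide where an untrusted archive entry may land, rejecting NUL bytes, names that escape the base directory, and names whose on-disk parent is a symlink pointing outside it. The following is an added example and is not RubyGems' install_location; the function name mirrors the advisory's, but the code, the temporary-directory fixture and the rejection list are this example's own.

```ruby
require "tmpdir"

class PathTraversal < StandardError; end

# Deepest ancestor of +path+ that exists on disk, with symlinks resolved.
def real_parent(path)
  dir = File.dirname(path)
  dir = File.dirname(dir) until File.exist?(dir)
  File.realpath(dir)
end

def under?(path, base)
  path == base || path.start_with?(base + File::SEPARATOR)
end

# Hypothetical hardened install_location: returns the absolute path at which an
# archive entry named +entry_name+ may be written under +base_dir+, or raises.
def install_location(entry_name, base_dir)
  # Item 9: a NUL byte would truncate the path once it reaches the OS.
  raise PathTraversal, "NUL byte in #{entry_name.inspect}" if entry_name.include?("\0")
  # File.expand_path treats a leading ~ as a home directory; never let an archive do that.
  raise PathTraversal, "home-relative name #{entry_name.inspect}" if entry_name.start_with?("~")

  # Item 1: compare against where the base really is, not the symlink name.
  real_base = File.realpath(base_dir)
  # Item 7: collapse ".." and absolute names, then require the result to stay inside.
  destination = File.expand_path(entry_name, real_base)
  raise PathTraversal, "#{entry_name.inspect} escapes #{base_dir}" unless under?(destination, real_base)

  # Item 1 again: the lexical path may be inside the base while a symlinked
  # parent created earlier in the archive points outside. Resolve the parent
  # that actually exists on disk and check it too.
  parent = real_parent(destination)
  raise PathTraversal, "#{entry_name.inspect} resolves through a symlink to #{parent}" unless under?(parent, real_base)

  destination
end

# Builds a fixture (a base dir containing a symlink "link" -> a directory outside
# it) and reports how constructed entry names fare. Returns name => :ok or :rejected.
def run_checks
  results = {}
  Dir.mktmpdir("base") do |base|
    Dir.mktmpdir("outside") do |outside|
      File.symlink(outside, File.join(base, "link"))
      ["lib/foo.rb", "../pwn", "/etc/passwd", "~/pwn", "a\0b", "link/pwn"].each do |name|
        begin
          install_location(name, base)
          results[name] = :ok
        rescue PathTraversal
          results[name] = :rejected
        end
      end
    end
  end
  results
end
```

The "link/pwn" case is the one a lexical check alone misses: `expand_path` places it inside the base, and only resolving the existing parent with `File.realpath` reveals that the write would land in the outside directory.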

Remediation

Install the update from the vendor's website.