ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2018.1066
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1066)
Resumen:	The remote host is missing an update for the Huawei EulerOS 'ruby' package(s) announced via the EulerOS-SA-2018-1066 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'ruby' package(s) announced via the EulerOS-SA-2018-1066 advisory. Vulnerability Insight: It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405) A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898) It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901) A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902) A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903) It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784) It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033) A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899) It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900) A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory. (CVE-2017-14064) Affected Software/OS: 'ruby' package(s) on Huawei EulerOS V2.0SP1. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-0898 BugTraq ID: 100862 http://www.securityfocus.com/bid/100862 Debian Security Information: DSA-4031 (Google Search) https://www.debian.org/security/2017/dsa-4031 https://security.gentoo.org/glsa/201710-18 https://github.com/mruby/mruby/issues/3722 https://hackerone.com/reports/212241 https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/ https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html RedHat Security Advisories: RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2017:3485 RedHat Security Advisories: RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0378 RedHat Security Advisories: RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0583 RedHat Security Advisories: RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0585 http://www.securitytracker.com/id/1039363 https://usn.ubuntu.com/3685-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-0899 BugTraq ID: 100576 http://www.securityfocus.com/bid/100576 Debian Security Information: DSA-3966 (Google Search) https://www.debian.org/security/2017/dsa-3966 https://security.gentoo.org/glsa/201710-01 http://blog.rubygems.org/2017/08/27/2.6.13-released.html https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1 https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491 https://hackerone.com/reports/226335 http://www.securitytracker.com/id/1039249 Common Vulnerability Exposure (CVE) ID: CVE-2017-0900 BugTraq ID: 100579 http://www.securityfocus.com/bid/100579 https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251 https://hackerone.com/reports/243003 Common Vulnerability Exposure (CVE) ID: CVE-2017-0901 BugTraq ID: 100580 http://www.securityfocus.com/bid/100580 https://www.exploit-db.com/exploits/42611/ https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2 https://hackerone.com/reports/243156 https://usn.ubuntu.com/3553-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-0902 BugTraq ID: 100586 http://www.securityfocus.com/bid/100586 https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32 https://hackerone.com/reports/218088 Common Vulnerability Exposure (CVE) ID: CVE-2017-0903 BugTraq ID: 101275 http://www.securityfocus.com/bid/101275 http://blog.rubygems.org/2017/10/09/2.6.14-released.html http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49 https://hackerone.com/reports/274990
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.