Lucene search
UbuntuUSN-3515-1HistoryJan 04, 2018 - 12:00 a.m.
Ruby vulnerability
2018-01-0400:00:00
ubuntu.com
51
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.895
Percentile
98.8%
Releases
- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- ruby1.9.1 - Object-oriented scripting language
- ruby2.0 - Object-oriented scripting language
- ruby2.3 - Interpreter of object-oriented scripting language Ruby
Details
It was discovered that Ruby allows FTP command injection.
An attacker could use this to cause arbitrary command execution.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 17.10 | noarch | libruby2.3 | < 2.3.3-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | libruby2.3-dbgsym | < 2.3.3-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | ruby2.3 | < 2.3.3-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | ruby2.3-dbgsym | < 2.3.3-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | ruby2.3-dev | < 2.3.3-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | ruby2.3-doc | < 2.3.3-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | ruby2.3-tcltk | < 2.3.3-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | ruby2.3-tcltk-dbgsym | < 2.3.3-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 17.04 | noarch | libruby2.3 | < 2.3.3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 17.04 | noarch | libruby2.3-dbgsym | < 2.3.3-1ubuntu0.3 | UNKNOWN |
References
Related
nessus
nessus
GLSA-201802-05 : Ruby: Command injection
2018-02-20 00:00:00
Slackware 14.2 / current : ruby (SSA:2017-353-01)
2017-12-20 00:00:00
Photon OS 2.0: Ruby PHSA-2018-2.0-0011-(a)
2019-02-07 00:00:00
freebsd
freebsd
ruby -- Command injection vulnerability in Net::FTP
2017-12-14 00:00:00
seebug
seebug
Command injection vulnerability in Net::FTP(CVE-2017-17405)
2017-12-18 00:00:00
exploitpack
exploitpack
Ruby 2.2.8 2.3.5 2.4.2 2.5.0-preview1 - NET::Ftp Command Injection
2017-12-02 00:00:00
gentoo
gentoo
Ruby: Command injection
2018-02-20 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2017-353-01)
2022-04-21 00:00:00
Ubuntu: Security Advisory (USN-3515-1)
2018-10-26 00:00:00
Mageia: Security Advisory (MGASA-2017-0486)
2022-01-28 00:00:00
cvelist
cvelist
CVE-2017-17405
2017-12-15 09:00:00
CVE-2017-17790
2017-12-20 09:00:00
osv
osv
CVE-2017-17405
2017-12-15 09:29:00
ruby1.9.1 - security update
2017-12-24 00:00:00
CVE-2017-17790
2017-12-20 09:29:01
rubygems
rubygems
Command injection vulnerability in Net::FTP
2017-12-13 21:00:00
The lazy_initialize function in lib/resolv.rb in Ruby
2017-12-19 21:00:00
redhat
redhat
(RHSA-2019:2806) Important: ruby security update
2019-09-17 10:31:23
slackware
slackware
[slackware-security] ruby
2017-12-20 06:38:26
alpinelinux
alpinelinux
CVE-2017-17405
2017-12-15 09:29:00
debiancve
debiancve
CVE-2017-17405
2017-12-15 09:29:00
CVE-2017-17790
2017-12-20 09:29:01
prion
prion
Command injection
2017-12-15 09:29:00
Command injection
2017-12-20 09:29:00
nvd
nvd
CVE-2017-17405
2017-12-15 09:29:00
CVE-2017-17790
2017-12-20 09:29:01
ubuntucve
ubuntucve
CVE-2017-17405
2017-12-15 00:00:00
CVE-2017-17790
2017-12-20 00:00:00
cve
cve
CVE-2017-17405
2017-12-15 09:29:00
CVE-2017-17790
2017-12-20 09:29:01
zdt
zdt
checkpoint_advisories
checkpoint_advisories
Ruby Net FTP Command Injection (CVE-2017-17405) - Ver2
2018-04-15 00:00:00
redhatcve
redhatcve
CVE-2017-17405
2017-12-14 21:50:01
hackerone
hackerone
Ruby: NET::Ftp allows command injection in filenames
2017-12-02 11:33:02
veracode
veracode
Arbitrary Command Execution
2019-01-15 09:21:10
exploitdb
exploitdb
mageia
mageia
Updated ruby packages fix security vulnerabilities
2017-12-31 18:51:06
debian
debian
[SECURITY] [DLA 1221-1] ruby1.9.1 security update
2017-12-25 14:56:39
[SECURITY] [DLA 1222-1] ruby1.8 security update
2017-12-25 14:56:22
[SECURITY] [DSA 4259-1] ruby2.3 security update
2018-07-31 21:40:30
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0098-A
2018-01-11 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0011-A
2018-01-11 00:00:00
Important Photon OS Security Update - PHSA-2018-0011
2018-01-11 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Ruby affect PowerKVM
2018-06-18 01:42:18
oraclelinux
oraclelinux
ruby security update
2018-02-28 00:00:00
centos
centos
ruby, rubygem, rubygems security update
2018-03-10 11:53:01
apple
apple
About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
2018-07-09 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.895
Percentile
98.8%
Related for USN-3515-1