CVE-2018-6914
CVSS 5.0
Published: 2018-04-03 18:29:00
Revised: 2018-05-10 10:20:03
NMPS    

[Original] Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [no special access conditions are needed to exploit]
Access vector: NETWORK [the attacker needs neither intranet nor local access]
Authentication: NONE [no authentication is required to exploit]

- CWE (weakness category)

CWE-22 [Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)]

- CPE (affected platforms and products)

cpe:/a:ruby-lang:ruby:2.2.0
cpe:/a:ruby-lang:ruby:2.6.0:preview1
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:17.10
cpe:/o:debian:debian_linux:7.0

- OVAL (technical details for detection)

No matching OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6914
(official data source) NVD

- Other links and resources

http://www.securityfocus.com/bid/103686
(VENDOR_ADVISORY)  BID  103686
https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html
(VENDOR_ADVISORY)  MLIST  [debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update
https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html
(VENDOR_ADVISORY)  MLIST  [debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update
https://usn.ubuntu.com/3626-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3626-1
https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/
(PATCH)  CONFIRM  https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/
https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/
(PATCH)  CONFIRM  https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/
https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/
(PATCH)  CONFIRM  https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/
https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/
(PATCH)  CONFIRM  https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/
https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
(VENDOR_ADVISORY)  CONFIRM  https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/

- Vulnerability information (F146960)

Slackware Security Advisory - ruby Updates (PacketStormID:F146960)
2018-03-30 00:00:00
Slackware Security Team  slackware.com
advisory,ruby
linux,slackware
CVE-2017-17742,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780

Slackware Security Advisory - New ruby packages are available for Slackware 14.2 and -current to fix security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  ruby (SSA:2018-088-01)

New ruby packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ruby-2.2.10-i586-1_slack14.2.txz:  Upgraded.
  This release includes some bug fixes and some security fixes:
  HTTP response splitting in WEBrick.
  Unintentional file and directory creation with directory traversal in
  tempfile and tmpdir.
  DoS by large request in WEBrick.
  Buffer under-read in String#unpack.
  Unintentional socket creation by poisoned NUL byte in UNIXServer
  and UNIXSocket.
  Unintentional directory traversal by poisoned NUL byte in Dir.
  Multiple vulnerabilities in RubyGems.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ruby-2.2.10-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ruby-2.2.10-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-2.5.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-2.5.1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.2 package:
6d9fe0b738bd69415ef3baa099ff080c  ruby-2.2.10-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
7c78396305daa605f770ea4d41dc3ae8  ruby-2.2.10-x86_64-1_slack14.2.txz

Slackware -current package:
344aff109ec8333eb9b8528e4586c93e  d/ruby-2.5.1-i586-1.txz

Slackware x86_64 -current package:
7769371ca9beb48b5a8188c91cabf32f  d/ruby-2.5.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg ruby-2.2.10-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlq9UWQACgkQakRjwEAQIjNzBwCdGrBY1uRsC+7m8733/dS4bxTO
sygAn2iQfqW5XjBajNnIAZELIWg8BmXz
=Djyy
-----END PGP SIGNATURE-----
    

- Vulnerability information (F147210)

Ubuntu Security Notice USN-3626-1 (PacketStormID:F147210)
2018-04-16 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,ruby
linux,ubuntu
CVE-2018-6914,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780

Ubuntu Security Notice 3626-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to connect to an unintended socket. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3626-1
April 16, 2018

ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby2.3: Object-oriented scripting language
- ruby1.9.1: Object-oriented scripting language
- ruby2.0: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain inputs. An
attacker could possibly use this to execute arbitrary code.
(CVE-2018-6914)

It was discovered that Ruby incorrectly handled certain inputs. An
attacker could possibly use this to access sensitive information.
(CVE-2018-8778, CVE-2018-8780)

It was discovered that Ruby incorrectly handled certain inputs. An
attacker could possibly use this to connect to an unintended socket.
(CVE-2018-8779)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  libruby2.3                      2.3.3-1ubuntu1.5
  ruby2.3                         2.3.3-1ubuntu1.5

Ubuntu 16.04 LTS:
  libruby2.3                      2.3.1-2~16.04.9
  ruby2.3                         2.3.1-2~16.04.9

Ubuntu 14.04 LTS:
  libruby1.9.1                    1.9.3.484-2ubuntu1.11
  libruby2.0                      2.0.0.484-1ubuntu2.9
  ruby1.9.1                       1.9.3.484-2ubuntu1.11
  ruby1.9.3                       1.9.3.484-2ubuntu1.11
  ruby2.0                         2.0.0.484-1ubuntu2.9

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3626-1
  CVE-2018-6914, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780

Package Information:
  https://launchpad.net/ubuntu/+source/ruby2.3/2.3.3-1ubuntu1.5
  https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.9
  https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.11
  https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.9
    

- Vulnerability information

Ruby CVE-2018-6914 Directory Traversal Vulnerability
Class: Input Validation Error
BID: 103686
Remote: Yes
Local: No
Published: 2018-03-28 12:00:00
Updated: 2018-03-28 12:00:00
Credit: ooooooo_q

- Affected program versions

Ruby-Lang Ruby 2.4.3
Ruby-Lang Ruby 2.4.2
Ruby-Lang Ruby 2.4.1
Ruby-Lang Ruby 2.3.6
Ruby-Lang Ruby 2.3.5
Ruby-Lang Ruby 2.3.4
Ruby-Lang Ruby 2.3
Ruby-Lang Ruby 2.2.9
Ruby-Lang Ruby 2.2.8
Ruby-Lang Ruby 2.2.7
Ruby-Lang Ruby 2.2
Ruby-Lang Ruby 2.1.4
Ruby-Lang Ruby 2.1.3
Ruby-Lang Ruby 2.1.2
Ruby-Lang Ruby 2.0 rc2
Ruby-Lang Ruby 1.9
Ruby-Lang Ruby 1.8.7 p72
Ruby-Lang Ruby 1.8.7 p71
Ruby-Lang Ruby 1.8.5
Ruby-Lang Ruby 2.6.0-preview1
Ruby-Lang Ruby 2.5.0
Ruby-Lang Ruby 2.4.0
Ruby-Lang Ruby 2.2.2
Ruby-Lang Ruby 2.1.6
Ruby-Lang Ruby 2.1.5
Ruby-Lang Ruby 2.1.2p168
Ruby-Lang Ruby 2.1.1
Ruby-Lang Ruby 2.1 Preview1
Ruby-Lang Ruby 2.1 -
Ruby-Lang Ruby 2.0.0-p594
Ruby-Lang Ruby 2.0.0 RC1
Ruby-Lang Ruby 2.0.0 Preview2
Ruby-Lang Ruby 2.0.0 Preview1
Ruby-Lang Ruby 2.0.0 patchlevel 645
Ruby-Lang Ruby 2.0.0 P598
Ruby-Lang Ruby 2.0.0 P247
Ruby-Lang Ruby 2.0.0 P195
Ruby-Lang Ruby 2.0.0 P0
Ruby-Lang Ruby 2.0.0
Ruby-Lang Ruby 1.9.3-p550
Ruby-Lang Ruby 1.9.3 P551
Ruby-Lang Ruby 1.9.3 P429
Ruby-Lang Ruby 1.9.3 P426
Ruby-Lang Ruby 1.9.3 P392
Ruby-Lang Ruby 1.9.3 P385
Ruby-Lang Ruby 1.9.3 P383
Ruby-Lang Ruby 1.9.3 P286
Ruby-Lang Ruby 1.9.3 P194
Ruby-Lang Ruby 1.9.3 P125
Ruby-Lang Ruby 1.9.3 P0
Ruby-Lang Ruby 1.9.3
Ruby-Lang Ruby 1.9.2-p330
Ruby-Lang Ruby 1.9.2
Ruby-Lang Ruby 1.9.1
Ruby-Lang Ruby 1.9
Ruby-Lang Ruby 1.8.7 Preview4
Ruby-Lang Ruby 1.8.7 Preview3
Ruby-Lang Ruby 1.8.7 Preview2
Ruby-Lang Ruby 1.8.7 Preview1
Ruby-Lang Ruby 1.8.7 P374
Ruby-Lang Ruby 1.8.7 P373
Ruby-Lang Ruby 1.8.7 P371
Ruby-Lang Ruby 1.8.7 P370
Ruby-Lang Ruby 1.8.7 P358
Ruby-Lang Ruby 1.8.7 P357
Ruby-Lang Ruby 1.8.7 P352
Ruby-Lang Ruby 1.8.7 P334
Ruby-Lang Ruby 1.8.7 P330
Ruby-Lang Ruby 1.8.7 P302
Ruby-Lang Ruby 1.8.7 P301
Ruby-Lang Ruby 1.8.7 P299
Ruby-Lang Ruby 1.8.7 P249
Ruby-Lang Ruby 1.8.7 P248
Ruby-Lang Ruby 1.8.7 P22
Ruby-Lang Ruby 1.8.7 P174
Ruby-Lang Ruby 1.8.7 P173
Ruby-Lang Ruby 1.8.7 P17
Ruby-Lang Ruby 1.8.7 P160
Ruby-Lang Ruby 1.8.7
Ruby-Lang Ruby 1.8.6-26
Ruby-Lang Ruby 1.8.6
Ruby-Lang Ruby 1.8
Redhat Subscription Asset Manager 1.0.0

- Unaffected program versions

Ruby-Lang Ruby 2.5.1
Ruby-Lang Ruby 2.4.4
Ruby-Lang Ruby 2.3.7
Ruby-Lang Ruby 2.2.10

- Vulnerability discussion

Ruby is prone to a directory-traversal vulnerability in Dir.mktmpdir (tmpdir library).

When the prefix argument passed to Dir.mktmpdir is attacker-influenced, a prefix containing directory-traversal sequences ('../') is concatenated into the generated name without validation, so the temporary directory (and, through the tempfile library, the temporary file) is created outside the intended temporary directory at an attacker-chosen location the process can write to. The impact, as the ruby-lang advisory states, is unintentional file and directory creation; this issue does not by itself disclose file contents.

Ruby prior to 2.2.10, 2.3.x prior to 2.3.7, 2.4.x prior to 2.4.4, 2.5.x prior to 2.5.1, and 2.6.0-preview1 are vulnerable.
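The traversal condition described above, as an added example that is not code from this page, from ruby-lang's tmpdir library, or from SecurityFocus: `naive_tmpname` is a simplified reconstruction of the pre-fix behaviour (prefix concatenated straight onto the generated tail) with fixed tail values, and `escapes_root?`, `SAFE_PART` and `safe_mktmpdir` are this example's own names, implementing a caller-side allow-list for code that must keep running on an interpreter that cannot be upgraded. It runs on a current Ruby, where Dir.mktmpdir itself is already fixed, so the unsafe path is only computed, never created.

```ruby
require 'tmpdir'

# Reconstruction (not upstream code) of how the pre-fix library formed the
# directory name: the caller's prefix is glued onto a date/pid/random tail
# and joined to the temp root. Tail values are fixed here for illustration.
def naive_tmpname(prefix, root)
  File.join(root, "#{prefix}20180328-4242-1abc2")
end

# True when `path` resolves to a location outside `root`: the traversal
# condition that a '../' in the prefix produces.
def escapes_root?(root, path)
  root = File.expand_path(root)
  full = File.expand_path(path)
  full != root && !full.start_with?(root + File::SEPARATOR)
end

# Allow-list for user-influenced prefix/suffix parts. The character set is
# this example's own choice: no path separators, no NUL, no other
# punctuation. Offending input is rejected, not silently stripped.
SAFE_PART = /\A[A-Za-z0-9_.,~-]+\z/

def safe_part?(part)
  part.is_a?(String) && part.match?(SAFE_PART)
end

# Wrapper around Dir.mktmpdir that validates the prefix (a String, or the
# [prefix, suffix] Array that mktmpdir also accepts) before the library
# sees it. nil falls through to mktmpdir's default prefix.
def safe_mktmpdir(prefix = nil, tmpdir = nil, &block)
  parts = Array(prefix)
  unless parts.all? { |p| safe_part?(p) }
    raise ArgumentError, "unsafe tmpdir prefix/suffix: #{prefix.inspect}"
  end
  Dir.mktmpdir(prefix, tmpdir, &block)
end

if $PROGRAM_NAME == __FILE__
  bad = naive_tmpname("../../etc/cron.d/", "/tmp")
  puts "#{bad} escapes /tmp: #{escapes_root?('/tmp', bad)}"
  safe_mktmpdir("upload-") { |d| puts "created inside #{Dir.tmpdir}: #{d}" }
  begin
    safe_mktmpdir("../../etc/cron.d/")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The guard rejects rather than sanitizes, so a hostile prefix surfaces as an ArgumentError in the application's logs instead of quietly yielding a differently named directory. It is a stopgap for callers; the release notes linked above fix the library itself, and upgrading remains the remedy.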

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.

