Detections
Analytics

EulerOS Virtualization for ARM 64 3.0.1.0 : ruby (EulerOS-SA-2019-1407)

critical Nessus Plugin ID 124910

Synopsis

The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates.

Description

According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

 - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.(CVE-2017-17405)

 - The 'lazy_initialize' function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.(CVE-2017-17790)

 - It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.(CVE-2017-0900)

 - It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.(CVE-2017-0901)

 - A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain.(CVE-2017-0902)

 - A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences.(CVE-2017-0899)

 - A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the inter preter's heap memory.(CVE-2017-14064)

 - It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.(CVE-2017-10784)

 - It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun.
 An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service.(CVE-2017-14033)

 - A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.(CVE-2017-0898)

 - A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.(CVE-2017-0903)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected ruby packages.

See Also

http://www.nessus.org/u?f513ca9e

Plugin Details

Severity: Critical

ID: 124910

File Name: EulerOS_SA-2019-1407.nasl

Version: 1.8

Type: local

Published: 5/14/2019

Updated: 5/20/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-17405

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2017-17790

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:ruby, p-cpe:/a:huawei:euleros:ruby-irb, p-cpe:/a:huawei:euleros:ruby-libs, p-cpe:/a:huawei:euleros:rubygem-bigdecimal, p-cpe:/a:huawei:euleros:rubygem-io-console, p-cpe:/a:huawei:euleros:rubygem-json, p-cpe:/a:huawei:euleros:rubygem-psych, p-cpe:/a:huawei:euleros:rubygem-rdoc, p-cpe:/a:huawei:euleros:rubygems, cpe:/o:huawei:euleros:uvp:3.0.1.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/7/2019

Reference Information

CVE: CVE-2017-0898, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064, CVE-2017-17405, CVE-2017-17790