CVE-2015-9096 - OpenCVE

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ruby-lang	Ruby

Configuration 1 [-]

cpe:2.3:a:ruby-lang:ruby:*:rc1:*:*:*:*:*:*

References

Link	Resource
http://www.mbsd.jp/Whitepaper/smtpi.pdf	Exploit Third Party Advisory
https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee	Patch Third Party Advisory
https://github.com/rubysec/ruby-advisory-db/issues/215	Issue Tracking Third Party Advisory
https://hackerone.com/reports/137631	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://www.debian.org/security/2017/dsa-3966

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-12T20:00:00

Updated: 2018-07-14T09:57:01

Reserved: 2017-06-12T00:00:00

Link: CVE-2015-9096

JSON object: View

NVD Information

Status : Modified

Published: 2017-06-12T20:29:00.190

Modified: 2018-07-15T01:29:00.337

Link: CVE-2015-9096

JSON object: View

Redhat Information

No data.

CWE

CWE-93

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-14T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3966", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-3966"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/137631"}, {"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rubysec/ruby-advisory-db/issues/215"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mbsd.jp/Whitepaper/smtpi.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9096", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3966", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3966"}, {"name": "https://hackerone.com/reports/137631", "refsource": "MISC", "url": "https://hackerone.com/reports/137631"}, {"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"}, {"name": "https://github.com/rubysec/ruby-advisory-db/issues/215", "refsource": "MISC", "url": "https://github.com/rubysec/ruby-advisory-db/issues/215"}, {"name": "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee", "refsource": "MISC", "url": "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee"}, {"name": "http://www.mbsd.jp/Whitepaper/smtpi.pdf", "refsource": "MISC", "url": "http://www.mbsd.jp/Whitepaper/smtpi.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9096", "datePublished": "2017-06-12T20:00:00", "dateReserved": "2017-06-12T00:00:00", "dateUpdated": "2018-07-14T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "70BED4E2-17E3-4B9D-8C58-ECBE978E90F3", "versionEndIncluding": "2.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring."}, {"lang": "es", "value": "El modulo Net::SMTP de Ruby anterior a su versi\u00f3n 2.4.0 es vulnerable a la inyecci\u00f3n de comandos SMTP mediante secuencias CRLF de los comandos \"RCPT TO\" o \"MAIL FROM\", como demuestra las secuencias CRLF inmediatamente antes y despu\u00e9s de la substring DATA."}], "id": "CVE-2015-9096", "lastModified": "2018-07-15T01:29:00.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-12T20:29:00.190", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.mbsd.jp/Whitepaper/smtpi.pdf"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/rubysec/ruby-advisory-db/issues/215"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/137631"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2017/dsa-3966"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-93"}], "source": "nvd@nist.gov", "type": "Primary"}]}