CVE-2017-17790 - OpenCVE

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ruby-lang	Ruby

Configuration 1 [-]

OR	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1::::::

References

Link	Resource
https://access.redhat.com/errata/RHSA-2018:0378
https://access.redhat.com/errata/RHSA-2018:0583
https://access.redhat.com/errata/RHSA-2018:0584
https://access.redhat.com/errata/RHSA-2018:0585
https://github.com/ruby/ruby/pull/1777	Exploit Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html
https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://www.debian.org/security/2018/dsa-4259

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-20T09:00:00

Updated: 2018-08-02T09:57:01

Reserved: 2017-12-20T00:00:00

Link: CVE-2017-17790

JSON object: View

NVD Information

Status : Modified

Published: 2017-12-20T09:29:01.477

Modified: 2018-08-03T01:29:02.140

Link: CVE-2017-17790

JSON object: View

Redhat Information

No data.

CWE

CWE-74

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-02T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2018:0585", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0585"}, {"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html"}, {"name": "RHSA-2018:0378", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0378"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ruby/ruby/pull/1777"}, {"name": "RHSA-2018:0584", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0584"}, {"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"}, {"name": "RHSA-2018:0583", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0583"}, {"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html"}, {"name": "DSA-4259", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4259"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:0585", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0585"}, {"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html"}, {"name": "RHSA-2018:0378", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0378"}, {"name": "https://github.com/ruby/ruby/pull/1777", "refsource": "CONFIRM", "url": "https://github.com/ruby/ruby/pull/1777"}, {"name": "RHSA-2018:0584", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0584"}, {"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"}, {"name": "RHSA-2018:0583", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0583"}, {"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html"}, {"name": "DSA-4259", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4259"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17790", "datePublished": "2017-12-20T09:00:00", "dateReserved": "2017-12-20T00:00:00", "dateUpdated": "2018-08-02T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "matchCriteriaId": "B35C3AD5-0AFB-481C-A14C-74FE4E9D4075", "versionEndIncluding": "2.2.8", "versionStartIncluding": "2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D4CCCBF-2BC7-4F93-ABD5-E8A979DD6FBC", "versionEndIncluding": "2.3.5", "versionStartIncluding": "2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "matchCriteriaId": "175826D2-3602-48AE-A3B9-5764E8FC8834", "versionEndIncluding": "2.4.2", "versionStartIncluding": "2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*", "matchCriteriaId": "1A059BF9-B9CA-4468-ABCD-0B8BD0C67FEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely."}, {"lang": "es", "value": "La funci\u00f3n lazy_initialize en lib/resolv.rb en Ruby hasta la versi\u00f3n 2.4.3 utiliza Kernel#open, lo que podr\u00eda permitir ataques de inyecci\u00f3n de comandos, tal y como demuestra un argumento Resolv::Hosts::new que comience con un car\u00e1cter \"|\". Esta es una vulnerabilidad diferente a CVE-2017-17405. NOTA: es altamente improbable que se den situaciones con entradas no fiables."}], "id": "CVE-2017-17790", "lastModified": "2018-08-03T01:29:02.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-20T09:29:01.477", "references": [{"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:0378"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:0583"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:0584"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:0585"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/ruby/ruby/pull/1777"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4259"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}