Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2017-17405

Published: 15/12/2017 Updated: 19/09/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 936
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Ruby-lang

Vulnerability Summary

Ruby prior to 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ruby-lang ruby 2.5.0

ruby-lang ruby

debian debian linux 7.0

debian debian linux 9.0

debian debian linux 8.0

redhat enterprise linux server aus 7.4

redhat enterprise linux server eus 7.4

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server eus 7.6

redhat enterprise linux server tus 7.4

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.5

Vendor Advisories

Ubuntu Security Notice: ruby1.9.1, ruby2.0, ruby2.3 vulnerability
Ruby could be made to execute arbitrary commands if opened a specially crafted file ...
Debian Security Advisories: DSA-4259-1 ruby2.3 -- security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure This update also fixes several issues in RubyGems which could allow an attacker to use specially crafted gem files ...
Red Hat: Important: rh-ruby23-ruby security, bug fix, and enhancement update
Synopsis Important: rh-ruby23-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for rh-ruby23-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Red Hat: Important: ruby security update
Synopsis Important: ruby security update Type/Severity Security Advisory: Important Topic An update for ruby is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Red Hat: Important: rh-ruby22-ruby security, bug fix, and enhancement update
Synopsis Important: rh-ruby22-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for rh-ruby22-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Red Hat: Important: rh-ruby24-ruby security, bug fix, and enhancement update
Synopsis Important: rh-ruby24-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for rh-ruby24-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Red Hat: Important: ruby security update
Synopsis Important: ruby security update Type/Severity Security Advisory: Important Topic An update for ruby is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services for SAP Solutio ...
Debian CVElist Bug Report Logs: ruby2.5: CVE-2017-17405: Command injection vulnerability in Net::FTP
Debian Bug report logs - #884437 ruby25: CVE-2017-17405: Command injection vulnerability in Net::FTP Package: src:ruby25; Maintainer for src:ruby25 is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 15 Dec 2017 08:24:05 UTC Se ...
Debian CVElist Bug Report Logs: ruby2.5: CVE-2017-17790: fixed command injection
Debian Bug report logs - #884878 ruby25: CVE-2017-17790: fixed command injection Package: src:ruby25; Maintainer for src:ruby25 is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 20 Dec 2017 21:33:02 UTC Severity: important Ta ...
Red Hat: CVE-2017-17405
It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module ...

Exploits

Exploit DB: Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection
While using NET::Ftp I realised you could get command execution through "malicious" file names The problem lies in the `gettextfile(remotefile, localfile = Filebasename(remotefile))` method When looking at the source code, you'll note: ``` def gettextfile(remotefile, localfile = Filebasename(remotefile), &amp;block) # :yield: ...

Mailing Lists

Full Disclosure: APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-0 ...
Full Disclosure: APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2018-10-30-2 macOS Mojave 10141, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra <!-- ...

Github Repositories

https://github.com/deepin-community/ruby-minitar

minitar¶ ↑ home githubcom/halostatue/minitar/ code githubcom/halostatue/minitar/ bugs githubcom/halostatue/minitar/issues rdoc rdocinfo/gems/minitar/ cli githubcom/halostatue/minitar-cli travis &lt;img src=“travis-ciorg/halostatue/minitarsvg” /&gt; appveyor &lt;img src=“ciappveyorcom/api/projects/st

https://github.com/scumdestroy/pentest-scripts-for-dangerous-boys

Some good-boy scripts I've made throughout my time learning aggressive infosec

pentester-bounty-hunter-scripts Just posting some of the scripts I write as I strengthen my pythonic coding, some exploit scripts as I work through their write-ups and attempt to develop my own PoC's, as well as random scripts from one-off challenges or snippets undeserving of an entire github shrine dedicated to their rancid memory Thanks for reading and checking out my

https://github.com/halostatue/minitar

Minimal pure-ruby support for POSIX tar(1) archives.

minitar¶ ↑ home githubcom/halostatue/minitar/ code githubcom/halostatue/minitar/ bugs githubcom/halostatue/minitar/issues rdoc rdocinfo/gems/minitar/ cli githubcom/halostatue/minitar-cli Description¶ ↑ The minitar library is a pure-Ruby library that provides the ability to deal with POSIX tar(1) archive files This is release 09, adding

https://github.com/Namkin-bhujiya/JWT-ATTACK

JWT-ATTACK JWT attacks go to attacks, Skip Introduction Sources, Credits: PortSwigger Bug Bounty Bootcamp by Vickie Li PentesterLab Notes Headers Style: header 1 ⇒ header 2 → header 3 What is JSON Web Tokens (JWT) JSON web tokens (JWTs) are a standardized format for sending cryptographically signed JSON data between systems They can theoretically cont

https://github.com/scumdestroy/pentester-bounty-hunter-scripts

Some good-boy scripts I've made throughout my time learning aggressive infosec

pentester-bounty-hunter-scripts Just posting some of the scripts I write as I strengthen my pythonic coding, some exploit scripts as I work through their write-ups and attempt to develop my own PoC's, as well as random scripts from one-off challenges or snippets undeserving of an entire github shrine dedicated to their rancid memory Thanks for reading and checking out my

References

CWE-78https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/http://www.securityfocus.com/bid/102204https://www.exploit-db.com/exploits/43381/https://lists.debian.org/debian-lts-announce/2017/12/msg00025.htmlhttps://lists.debian.org/debian-lts-announce/2017/12/msg00024.htmlhttps://access.redhat.com/errata/RHSA-2018:0378https://access.redhat.com/errata/RHSA-2018:0585https://access.redhat.com/errata/RHSA-2018:0584https://access.redhat.com/errata/RHSA-2018:0583https://lists.debian.org/debian-lts-announce/2018/07/msg00012.htmlhttps://www.debian.org/security/2018/dsa-4259http://www.securitytracker.com/id/1042004https://access.redhat.com/errata/RHSA-2019:2806https://usn.ubuntu.com/3515-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/43381/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook