Bug 1526189 (CVE-2017-17405) - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP
Summary: CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP
Status: CLOSED ERRATA
Alias: CVE-2017-17405
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20171214,repo...
Keywords: Security
Depends On: 1526539 1526540 1526542 1526543 1526544 1534935 1534936 1534937 1534938 1534939 1534940 1534941 1534942 1545725
Blocks: 1526190
TreeView+ depends on / blocked
 
Reported: 2017-12-14 21:42 UTC by Pedro Sampaio
Modified: 2019-06-08 22:33 UTC (History)
32 users (show)

(edit)
It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.
Clone Of:
(edit)
Last Closed: 2018-04-03 08:13:05 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0378 normal SHIPPED_LIVE Important: ruby security update 2018-03-01 01:06:17 UTC
Red Hat Product Errata RHSA-2018:0583 None None None 2018-03-26 09:47 UTC
Red Hat Product Errata RHSA-2018:0584 None None None 2018-03-26 10:00 UTC
Red Hat Product Errata RHSA-2018:0585 None None None 2018-03-26 10:25 UTC

Description Pedro Sampaio 2017-12-14 21:42:14 UTC
There is a command injection vulnerability in Net::FTP bundled with Ruby. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the pipe character "|", the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.

External references:

https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/

Comment 4 Kurt Seifried 2017-12-15 18:18:51 UTC
Statement:

This issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1 and CloudForms 5. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 8 Mark Knowles 2018-02-09 04:12:07 UTC
OpenShift Container Platform is not vulnerable to this, I am determining whether OpenShift Online is affected.

Comment 10 errata-xmlrpc 2018-02-28 20:03:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0378

Comment 11 errata-xmlrpc 2018-03-26 09:46:55 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0583

Comment 12 errata-xmlrpc 2018-03-26 10:00:36 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0584 https://access.redhat.com/errata/RHSA-2018:0584

Comment 13 errata-xmlrpc 2018-03-26 10:24:59 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0585


Note You need to log in before you can comment on or make changes to this bug.