Mageia: 2018-0411 Moderate: HTTP Response Splitting and Directory Traversal
mageia
October 26, 2018
Ruby before 2.2.10 allows an HTTP Response Splitting attack
Summary
Ruby before 2.2.10 allows an HTTP Response Splitting attack. An attacker
can inject a crafted key and value into an HTTP response for the HTTP
server of WEBrick (CVE-2017-17742).
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir
library in Ruby before 2.2.10 might allow attackers to create arbitrary
directories or files via a .. (dot dot) in the prefix argument
(CVE-2018-6914).
In Ruby before 2.2.10, an attacker can pass a large HTTP request with a
crafted header to WEBrick server or a crafted body to WEBrick
server/handler and cause a denial of service (memory consumption)
(CVE-2018-8777).
In Ruby before 2.2.10, an attacker controlling the unpacking format
(similar to format string vulnerabilities) can trigger a buffer under-read
in the String#unpack method, resulting in a massive and controlled
information disclosure (CVE-2018-8778).
In Ruby before 2.2.10, the UNIXServer.open and UNIXSocket.open methods are
not checked for null characters. It may be connec...
References
- https://bugs.mageia.org/show_bug.cgi?id=22844
- https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
- https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
- https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
- https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
- https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
- https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
- https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
- https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
- https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/
- https://www.cve.org/CVERecord?id=CVE-2017-17742
- https://www.cve.org/CVERecord?id=CVE-2018-6914
- https://www.cve.org/CVERecord?id=CVE-2018-8777
- https://www.cve.org/CVERecord?id=CVE-2018-8778
- https://www.cve.org/CVERecord?id=CVE-2018-8779
- https://www.cve.org/CVERecord?id=CVE-2018-8780
- https://www.cve.org/CVERecord?id=CVE-2018-16395
- https://www.cve.org/CVERecord?id=CVE-2018-16396
Topics Covered
Resolution
SRPMS
- 6/core/ruby-2.2.10-16.1.mga6
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 26 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0411.html
Type: security
CVE: CVE-2017-17742,
CVE-2018-6914,
CVE-2018-8777,
CVE-2018-8778,
CVE-2018-8779,
CVE-2018-8780,
CVE-2018-16395,
CVE-2018-16396
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!