Bugzilla – Bug 1087440
VUL-1: CVE-2018-8779: ruby19,ruby,ruby2.1: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
Last modified: 2020-10-21 09:21:03 UTC
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/ CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket Posted by usa on 28 Mar 2018 There is a unintentional socket creation vulnerability in UNIXServer.open method of socket library bundled with Ruby. And there is also a unintentional socket access vulnerability in UNIXSocket.open method. This vulnerability has been assigned the CVE identifier CVE-2018-8779. Details UNIXServer.open accepts the path of the socket to be created at the first parameter. If the path contains NUL (\0) bytes, this method recognize that the path is completed before the NUL bytes. So, if a script accepts an external input as the argument of this method, the attacker can make the socket file in the unintentional path. And, UNIXSocket.open also accepts the path of the socket to be created at the first parameter without checking NUL bytes like UNIXServer.open. So, if a script accepts an external input as the argument of this method, the attacker can accepts the socket file in the unintentional path. All users running an affected release should upgrade immediately. Affected Versions Ruby 2.2 series: 2.2.9 and earlier Ruby 2.3 series: 2.3.6 and earlier Ruby 2.4 series: 2.4.3 and earlier Ruby 2.5 series: 2.5.0 and earlier Ruby 2.6 series: 2.6.0-preview1 prior to trunk revision r62991 Credit Thanks to ooooooo_q for reporting the issue. History Originally published at 2018-03-28 14:00:00 (UTC)
SUSE-SU-2019:1804-1: An update that solves 21 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082007,1082008,1082009,1082010,1082011,1082014,1082058,1087433,1087434,1087436,1087437,1087440,1087441,1112530,1112532,1130028,1130611,1130617,1130620,1130622,1130623,1130627,1133790 CVE References: CVE-2017-17742,CVE-2018-1000073,CVE-2018-1000074,CVE-2018-1000075,CVE-2018-1000076,CVE-2018-1000077,CVE-2018-1000078,CVE-2018-1000079,CVE-2018-16395,CVE-2018-16396,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780,CVE-2019-8320,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323,CVE-2019-8324,CVE-2019-8325 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): ruby2.5-2.5.5-4.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): ruby2.5-2.5.5-4.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): ruby2.5-2.5.5-4.3.1 SUSE Linux Enterprise Module for Basesystem 15 (src): ruby2.5-2.5.5-4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1771-1: An update that solves 21 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082007,1082008,1082009,1082010,1082011,1082014,1082058,1087433,1087434,1087436,1087437,1087440,1087441,1112530,1112532,1130028,1130611,1130617,1130620,1130622,1130623,1130627,1133790 CVE References: CVE-2017-17742,CVE-2018-1000073,CVE-2018-1000074,CVE-2018-1000075,CVE-2018-1000076,CVE-2018-1000077,CVE-2018-1000078,CVE-2018-1000079,CVE-2018-16395,CVE-2018-16396,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780,CVE-2019-8320,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323,CVE-2019-8324,CVE-2019-8325 Sources used: openSUSE Leap 15.1 (src): ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1, ruby2.5-2.5.5-lp151.4.3.1 openSUSE Leap 15.0 (src): ruby-bundled-gems-rpmhelper-0.0.2-lp150.2.1, ruby2.5-2.5.5-lp150.3.3.1
SUSE-SU-2020:1570-1: An update that fixes 42 vulnerabilities is now available. Category: security (important) Bug References: 1043983,1048072,1055265,1056286,1056782,1058754,1058755,1058757,1062452,1069607,1069632,1073002,1078782,1082007,1082008,1082009,1082010,1082011,1082014,1082058,1087433,1087434,1087436,1087437,1087440,1087441,1112530,1112532,1130611,1130617,1130620,1130622,1130623,1130627,1152990,1152992,1152994,1152995,1171517,1172275 CVE References: CVE-2015-9096,CVE-2016-2339,CVE-2016-7798,CVE-2017-0898,CVE-2017-0899,CVE-2017-0900,CVE-2017-0901,CVE-2017-0902,CVE-2017-0903,CVE-2017-10784,CVE-2017-14033,CVE-2017-14064,CVE-2017-17405,CVE-2017-17742,CVE-2017-17790,CVE-2017-9228,CVE-2017-9229,CVE-2018-1000073,CVE-2018-1000074,CVE-2018-1000075,CVE-2018-1000076,CVE-2018-1000077,CVE-2018-1000078,CVE-2018-1000079,CVE-2018-16395,CVE-2018-16396,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780,CVE-2019-15845,CVE-2019-16201,CVE-2019-16254,CVE-2019-16255,CVE-2019-8320,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323,CVE-2019-8324,CVE-2019-8325,CVE-2020-10663 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): ruby2.1-2.1.9-19.3.2 SUSE OpenStack Cloud 8 (src): ruby2.1-2.1.9-19.3.2 SUSE OpenStack Cloud 7 (src): ruby2.1-2.1.9-19.3.2, yast2-ruby-bindings-3.1.53-9.8.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): ruby2.1-2.1.9-19.3.2 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): ruby2.1-2.1.9-19.3.2 SUSE Linux Enterprise Server for SAP 12-SP3 (src): ruby2.1-2.1.9-19.3.2 SUSE Linux Enterprise Server for SAP 12-SP2 (src): ruby2.1-2.1.9-19.3.2, yast2-ruby-bindings-3.1.53-9.8.1 SUSE Linux Enterprise Server 12-SP5 (src): ruby2.1-2.1.9-19.3.2 SUSE Linux Enterprise Server 12-SP4 (src): ruby2.1-2.1.9-19.3.2 SUSE Linux Enterprise Server 12-SP3-LTSS (src): ruby2.1-2.1.9-19.3.2 SUSE Linux Enterprise Server 12-SP3-BCL (src): ruby2.1-2.1.9-19.3.2 SUSE Linux Enterprise Server 12-SP2-LTSS (src): ruby2.1-2.1.9-19.3.2, yast2-ruby-bindings-3.1.53-9.8.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): ruby2.1-2.1.9-19.3.2, yast2-ruby-bindings-3.1.53-9.8.1 SUSE Enterprise Storage 5 (src): ruby2.1-2.1.9-19.3.2 HPE Helion Openstack 8 (src): ruby2.1-2.1.9-19.3.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.