Posted by usa on 28 Mar 2018
There is a unintentional socket creation vulnerability in
UNIXServer.open method of socket library bundled with Ruby.
And there is also a unintentional socket access vulnerability in
This vulnerability has been assigned the CVE identifier CVE-2018-8779.
UNIXServer.open accepts the path of the socket to be created at the first parameter.
If the path contains NUL (
\0) bytes, this method recognize that the path is completed before the NUL bytes.
So, if a script accepts an external input as the argument of this method, the attacker can make the socket file in the unintentional path.
UNIXSocket.open also accepts the path of the socket to be created at the first parameter without checking NUL bytes like
So, if a script accepts an external input as the argument of this method, the attacker can accepts the socket file in the unintentional path.
All users running an affected release should upgrade immediately.
- Ruby 2.2 series: 2.2.9 and earlier
- Ruby 2.3 series: 2.3.6 and earlier
- Ruby 2.4 series: 2.4.3 and earlier
- Ruby 2.5 series: 2.5.0 and earlier
- Ruby 2.6 series: 2.6.0-preview1
- prior to trunk revision r62991
Thanks to ooooooo_q for reporting the issue.
- Originally published at 2018-03-28 14:00:00 (UTC)