Description

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).

Related CPE's

a

ruby-lang

ruby

3

o

fedoraproject

fedora

34

o

debian

debian_linux

9.0

Vulnerable

a

oracle

jd_edwards_enterpriseone_tools

Vulnerable

References

https://hackerone.com/reports/1145454

ExploitPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/

https://security.gentoo.org/glsa/202401-27

https://security.netapp.com/advisory/ntap-20210917-0001/

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

PatchThird Party Advisory

https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-Other

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

5.8 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-07-13T13:15:09.243

4 years ago

Last modified

2024-01-24T05:15:09.683

1 year ago