CVE-2017-17405

HIGH

Ruby <2.4.3 - Command Injection

Description

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
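The root cause described above is that Kernel#open treats a leading "|" as a request to spawn a command, and Net::FTP's default local filename is derived from the server-supplied remote name. The following Ruby snippet is an added example, not code from this advisory or from Ruby's Net::FTP implementation: it shows that File.basename preserves the pipe prefix, and a defender-side check that validates a server-supplied name before it is used as a local path and writes the file with File.open, which never interprets "|". The helper names (default_localfile, safe_local_filename, store_locally, rejected?) and the sample remote names are constructed for illustration.

```ruby
# Added example for CVE-2017-17405 (not from the advisory or Ruby's stdlib).
# Shows why File.basename(remotefile) is an unsafe default when the result is
# passed to Kernel#open, and a conservative check a client can apply instead.
require 'tmpdir'

# Constructed sample names as a malicious FTP server might return them.
SAMPLE_REMOTE_NAMES = [
  "report.txt",          # benign
  "dir/sub/report.txt",  # benign, basename strips the directories
  "|echo constructed",   # leading pipe: Kernel#open would run a command
  "../../etc/passwd",    # traversal attempt; basename reduces it to "passwd"
  " |echo constructed",  # leading whitespace; rejected conservatively
].freeze

class UnsafeFilename < StandardError; end

# What the vulnerable Net::FTP methods did: the pipe survives File.basename.
def default_localfile(remotefile)
  File.basename(remotefile)
end

# Hardened derivation of a local filename from a server-supplied name.
# Rejects anything Kernel#open would treat as a command and anything that
# is not a plain, printable filename.
def safe_local_filename(remotefile)
  name = File.basename(remotefile.to_s)
  raise UnsafeFilename, "empty or dot name" if name.empty? || name == "." || name == ".."
  raise UnsafeFilename, "pipe prefix" if name.lstrip.start_with?("|")
  raise UnsafeFilename, "control characters" if name.match?(/[\x00-\x1f]/)
  name
end

# True when safe_local_filename would refuse the name.
def rejected?(remotefile)
  safe_local_filename(remotefile)
  false
rescue UnsafeFilename
  true
end

# Store retrieved bytes under a validated name using File.open (not Kernel#open).
# Returns the path written.
def store_locally(dir, remotefile, data)
  path = File.join(dir, safe_local_filename(remotefile))
  File.open(path, "wb") { |f| f.write(data) }
  path
end

if $PROGRAM_NAME == __FILE__
  SAMPLE_REMOTE_NAMES.each do |remote|
    verdict = rejected?(remote) ? "REJECTED" : "ok -> #{safe_local_filename(remote)}"
    puts "#{remote.inspect}: default=#{default_localfile(remote).inspect}, #{verdict}"
  end
end
```

The check is deliberately stricter than Kernel#open's own rule (which only triggers on a "|" in the first position) so that whitespace variants and control characters are also refused; the essential mitigation is to never route a server-controlled string through Kernel#open at all.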

Exploits (1)

exploitdb WORKING POC
by Etienne Stalmans · local · ruby
https://www.exploit-db.com/exploits/43381

Scores

CVSS v3 8.8
EPSS 0.8865
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (15)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.4
redhat/enterprise_linux_server_aus 7.6
redhat/enterprise_linux_server_eus 7.4
redhat/enterprise_linux_server_eus 7.5
redhat/enterprise_linux_server_eus 7.6
... and 5 more
Published Dec 15, 2017
Tracked Since Feb 18, 2026