Related vulnerabilities
gsd-2015-3900
Vulnerability from gsd
Modified
2015-05-14 00:00
Details
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain.
Aliases
{ "GSD": { "alias": "CVE-2015-3900", "description": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"", "id": "GSD-2015-3900", "references": [ "https://www.suse.com/security/cve/CVE-2015-3900.html", "https://access.redhat.com/errata/RHSA-2015:1657", "https://advisories.mageia.org/CVE-2015-3900.html", "https://alas.aws.amazon.com/cve/html/CVE-2015-3900.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "affected": [ { "package": { "ecosystem": "RubyGems", "name": "rubygems-update", "purl": "pkg:gem/rubygems-update" } } ], "aliases": [ "CVE-2015-3900", "OSVDB-122162", "GHSA-wp3j-rvfp-624h" ], "details": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\" A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain.", "id": "GSD-2015-3900", "modified": "2015-05-14T00:00:00.000Z", "published": "2015-05-14T00:00:00.000Z", "references": [ { "type": "WEB", "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356" } ], "schema_version": "1.4.0", "severity": [ { "score": 5.0, "type": "CVSS_V2" } ], "summary": "CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3900", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2015:1657", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1657.html" }, { "name": "FEDORA-2015-12501", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html" }, { "name": "FEDORA-2015-12574", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html" }, { "name": "[oss-security] 20150626 rubygems \u003c2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/26/2" }, { "name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", "refsource": "MISC", "url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/" }, { "name": "75482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75482" }, { "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", "refsource": "MISC", "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356" }, { "name": "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", "refsource": "CONFIRM", "url": "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html" }, { "name": "https://puppet.com/security/cve/CVE-2015-3900", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/CVE-2015-3900" }, { "name": "FEDORA-2015-13157", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" } ] } }, "github.com/rubysec/ruby-advisory-db": { "cve": "2015-3900", "cvss_v2": 5.0, "date": "2015-05-14", "description": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\" A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain.", "gem": "rubygems-update", "ghsa": "wp3j-rvfp-624h", "library": "rubygems", "osvdb": 122162, "patched_versions": [ "~\u003e 2.0.16", "~\u003e 2.2.4", "\u003e= 2.4.7" ], "title": "CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()", "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356" }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c2.4.7", "affected_versions": "All versions before 2.4.7", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2019-04-22", "description": "RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"", "fixed_versions": [ "2.4.7" ], "identifier": "CVE-2015-3900", "identifiers": [ "CVE-2015-3900" ], "not_impacted": "All versions starting from 2.4.7", "package_slug": "gem/rubygems-update", "pubdate": "2015-06-24", "solution": "Upgrade to version 2.4.7 or above.", "title": "7PK - Security Features", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2015-3900", "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", "http://rhn.redhat.com/errata/RHSA-2015-1657.html", "http://www.openwall.com/lists/oss-security/2015/06/26/2", "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "http://www.securityfocus.com/bid/75482", "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html", "https://puppet.com/security/cve/CVE-2015-3900" ], "uuid": "f1adfd90-f895-4da7-9f94-3cfd502e165c" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3900" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-254" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html" }, { "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356" }, { "name": "RHSA-2015:1657", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1657.html" }, { "name": "[oss-security] 20150626 rubygems \u003c2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020)", "refsource": "MLIST", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/06/26/2" }, { "name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "name": "75482", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/75482" }, { "name": "FEDORA-2015-13157", "refsource": "FEDORA", "tags": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html" }, { "name": "FEDORA-2015-12574", "refsource": "FEDORA", "tags": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html" }, { "name": "FEDORA-2015-12501", "refsource": "FEDORA", "tags": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html" }, { "name": "https://puppet.com/security/cve/CVE-2015-3900", "refsource": "CONFIRM", "tags": [], "url": "https://puppet.com/security/cve/CVE-2015-3900" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2019-04-22T17:48Z", "publishedDate": "2015-06-24T14:59Z" } } }