Vulnerability CVE-2017-17405

Vulnerability CVE-2017-17405

Published: 2017-12-15

Description:

Type:

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Affected software
Ruby-lang -> RUBY
Redhat -> Enterprise linux desktop
Redhat -> Enterprise linux server
Redhat -> Enterprise linux server aus
Redhat -> Enterprise linux server eus
Redhat -> Enterprise linux server tus
Redhat -> Enterprise linux workstation
Debian -> Debian linux

http://www.securityfocus.com/bid/102204

http://www.securitytracker.com/id/1042004

https://access.redhat.com/errata/RHSA-2018:0378

https://access.redhat.com/errata/RHSA-2018:0583

https://access.redhat.com/errata/RHSA-2018:0584

https://access.redhat.com/errata/RHSA-2018:0585

https://access.redhat.com/errata/RHSA-2019:2806

https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html

https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

https://www.debian.org/security/2018/dsa-4259

https://www.exploit-db.com/exploits/43381/

https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/

https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/