Ruby directory traversal vulnerability (CVE-2021-28966)

Published: 2021-04-07

0x00 Vulnerability Overview

CVE ID: CVE-2021-28966

Date: 2021-04-07

Type: Directory traversal

Severity: High

Remotely exploitable: Yes

Impact scope:

PoC/EXP: Not public

Exploited in the wild:

0x01 Vulnerability Details

 

Ruby is a simple, object-oriented scripting language.

On April 5, 2021, the Ruby project published a security advisory disclosing a directory traversal vulnerability (CVE-2021-28966) in the tmpdir library that is bundled with Ruby on Windows.

The Dir.mktmpdir method provided by the tmpdir library takes its first argument as the prefix and suffix of the directory to be created, and the prefix may contain the relative directory specifier "..\\". Because that lets the method target an arbitrary directory, an attacker can use the flaw to perform directory traversal; if a script accepts external input as the prefix and the Ruby process runs with elevated privileges, the attacker can create directories or files in any location.
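The defensive pattern for the scenario just described (a script that lets external input choose the prefix) is to validate the prefix before it reaches Dir.mktmpdir and to confirm, after creation, that the resulting directory actually lies under the intended base directory. The wrapper below is an added example, not code from this advisory or from Ruby's tmpdir library; the names safe_prefix?, safe_mktmpdir, within_base? and UnsafeTmpdirPrefix are hypothetical, and the sample prefixes are constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical error class for rejected prefixes (added example, not part of Ruby).
class UnsafeTmpdirPrefix < ArgumentError; end

# A prefix is only accepted when it is a single path component: no slash,
# no backslash (the Windows separator the advisory describes), no "..".
# The allow-list regex is deliberately stricter than "not a separator".
SAFE_PREFIX = /\A[A-Za-z0-9_-]+\z/

def safe_prefix?(prefix)
  return false unless prefix.is_a?(String)
  return false if prefix.include?("/") || prefix.include?("\\")
  return false if prefix.include?("..")
  SAFE_PREFIX.match?(prefix)
end

# True when +path+ resolves to +base+ itself or to something beneath it.
# Both sides are resolved with File.realpath so a symlinked temp dir
# (for example /tmp -> /private/tmp) does not produce a false alarm.
def within_base?(path, base)
  real_path = File.realpath(path)
  real_base = File.realpath(base)
  real_path == real_base || real_path.start_with?(real_base + File::SEPARATOR)
end

# The vulnerable pattern the advisory describes is passing untrusted input
# straight through, e.g. Dir.mktmpdir(params[:name]). This wrapper instead
# rejects anything that is not a plain component, then double-checks where
# the directory ended up (defence in depth that works even on patched Ruby).
def safe_mktmpdir(prefix, base = Dir.tmpdir)
  unless safe_prefix?(prefix)
    raise UnsafeTmpdirPrefix, "rejected prefix: #{prefix.inspect}"
  end

  dir = Dir.mktmpdir(prefix, base)
  unless within_base?(dir, base)
    FileUtils.rm_rf(dir)
    raise UnsafeTmpdirPrefix, "created directory escaped #{base}"
  end

  if block_given?
    begin
      yield dir
    ensure
      FileUtils.remove_entry(dir) if File.exist?(dir)
    end
  else
    dir
  end
end

if __FILE__ == $0
  # Constructed inputs: one benign prefix, one shaped like the traversal
  # the advisory describes.
  puts safe_mktmpdir("report") { |d| "created and cleaned up: #{d}" }
  begin
    safe_mktmpdir("..\\..\\Windows\\Temp")
  rescue UnsafeTmpdirPrefix => e
    puts "rejected: #{e.message}"
  end
end
```

The check before creation is the one that matters for unpatched 2.7.2 and 3.0.0; the realpath containment check afterwards costs little and catches any future way of slipping a separator past the allow-list.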

 

Affected versions

Ruby <= 2.7.2

Ruby = 3.0.0

 

0x02 Remediation

The vulnerability has been fixed; updating to the latest version promptly is recommended.

Download link:

https://www.ruby-lang.org/en/news/2021/04/05/ruby-3-0-1-released/

 

0x03 References

https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966/

https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965

 

0x04 Timeline

2021-04-05  Ruby publishes its security advisory

2021-04-07  VSRC publishes this security advisory

 

0x05 Appendix

CVSS scoring standard (official site): http://www.first.org/cvss/
