This Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant directory on the guest virtual machine. This directory includes the project Vagrantfile configuration file. Ruby code within the Vagrantfile is loaded and executed when a user runs any vagrant command from the project directory on the host, leading to execution of Ruby code on the host.
4aa68ef0141c22e4e2be0cd50c642945c2afd7a94ea98ee68a6375e6bd398e81Red Hat Security Advisory 2022-6855-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include buffer overflow, denial of service, double free, and spoofing vulnerabilities.
23b2e4fec136d2b841752155cc897796ca8d6de598e56c894f584c758f0ea16eRed Hat Security Advisory 2022-6856-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include buffer overflow, denial of service, and spoofing vulnerabilities.
bb6ea318ab2029ce81a508f985027beddd25be215db4d7f00c698944641814f3Red Hat Security Advisory 2022-6585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a double free vulnerability.
1ff122457a9752bdbfb6cb45ab90c6e6d019e61a2c3f8ef3642e2c8ea9b73161Red Hat Security Advisory 2022-6447-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service and spoofing vulnerabilities.
a714de3eaf3a485724cf4aaca3389fd9847b067245c025269499321daae891aaRed Hat Security Advisory 2022-6450-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service, double free, and spoofing vulnerabilities.
64271aa943cadcf4f53769f49f2705c0658c289b46512a0840bf913803fc1cd1Red Hat Security Advisory 2022-5779-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service and spoofing vulnerabilities.
01fe6dcd91920a9cb22a03c1c89fe0164eb2af76b1957d74cf7452270d04cd71Red Hat Security Advisory 2022-5338-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
b4a68cc58eca9da243167ff02e79915ee516758ed00c162a9cdd60a5051ec094Ubuntu Security Notice 5462-2 - USN-5462-1 fixed several vulnerabilities in Ruby. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
b47ace4598aa16889d8fd13a61ab6776251e8e1f05e571cdb335797d23e1ec0cUbuntu Security Notice 5462-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
93396c53d1b014d262f3aed6dacbfc8d58faaea61e4dae6cbadc94a05bec397aDebian Linux Security Advisory 5137-1 - Jakub Wilk discovered a local privilege escalation in needrestart, a utility to check which daemons need to be restarted after library upgrades. Regular expressions to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
4052b1ab98ef2e147520dccc60d5f2db6e5257cadadb6200c821a45e46034e08Debian Linux Security Advisory 5146-1 - Multiple security vulnerabilities were discovered in Puma, a HTTP server for Ruby/Rack applications, which could result in HTTP request smuggling or information disclosure.
875d2755cc0a513d860625e8cd44e53f4aa7ee7212205db738d63af27b06de7aRed Hat Security Advisory 2022-0708-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
f83547ba4736bf0787d355efe1d9f8bfeb8c4feba15c83208f06fc61783cd7d3Debian Linux Security Advisory 5066-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.
06fe6a239e4a0b70fe9ff726baf6486b9f36b1ff6318001480327005363f19d9Debian Linux Security Advisory 5067-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in information disclosure or denial of service.
0484f18bed972d71f7df53edb8f4ef294019db03c31c92c45a5da5d8c6a8bcb6Red Hat Security Advisory 2022-0672-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
75b83c280fe30dd26b2d514ba311d51c918989f7bf0b43fc25fb89e588c8f1f0Red Hat Security Advisory 2022-0582-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.
28f434c8a7e0c5a9a457c78e1d0a72539ecb56d9a3673853dd0aa3595f619edaRed Hat Security Advisory 2022-0581-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.
8bd21cf01e10e7a947db8efca057a501595b8383a816b9f497a90e17a13ebc45Red Hat Security Advisory 2022-0548-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
986d8c7944b2362ed7e7eec57d6eaf416489c5983bf83435fea62760e077dc74Red Hat Security Advisory 2022-0546-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
f6264ade44201a2e533518855a81041271fab0537303c58b2f6f137ea511eb18Red Hat Security Advisory 2022-0547-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
a196caf8a4980946f6656d50054fd3e752c8cedd393d591cdcbacd2f2584d339Red Hat Security Advisory 2022-0544-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
ceb41e93f7a4f1064aec7c5b8bc73d5be2c606f6aff3d1f38923815c8a60f0aaRed Hat Security Advisory 2022-0543-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
dfdba266365e044f1046b80b1a63a79d7490623a6a4906cec8a75fe7353d9087Red Hat Security Advisory 2022-0545-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
97963ecb6a8dc1202bc765d22780ed6c615ccbd36699096d6aed25c09d163cf9Ubuntu Security Notice 5235-1 - It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a regular expression denial of service.
a6359db1c94f5fd218ffeb0030ff14aadcb0e1fa663d178749a56f56c3ad47c9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed