An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a StartTLS stripping attack.
Weakness
The product does not handle or incorrectly handles an exceptional condition.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ruby | Ruby-lang | 2.6.0 (including) | 2.6.7 (including) |
| Ruby | Ruby-lang | 2.7.0 (including) | 2.7.3 (including) |
| Ruby | Ruby-lang | 3.0.0 (including) | 3.0.1 (including) |
| Red Hat Enterprise Linux 8 | RedHat | ruby:2.7-8040020210728141159.522a0ee4 | * |
| Red Hat Enterprise Linux 8 | RedHat | ruby:2.6-8050020211215144356.c5368500 | * |
| Red Hat Enterprise Linux 8 | RedHat | ruby:2.5-8050020220216195847.c5368500 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | ruby:2.6-8010020220201152941.c27ad7f8 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | ruby:2.6-8020020220201131207.4cda2c84 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | ruby:2.6-8040020220131135901.522a0ee4 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-ruby27-ruby-0:2.7.4-130.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-ruby30-ruby-0:3.0.2-148.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-ruby26-ruby-0:2.6.9-120.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-ruby27-ruby-0:2.7.4-130.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-ruby30-ruby-0:3.0.2-148.el7 | * |
| Ruby1.9.1 | Ubuntu | trusty | * |
| Ruby2.0 | Ubuntu | trusty | * |
| Ruby2.3 | Ubuntu | esm-infra/xenial | * |
| Ruby2.3 | Ubuntu | xenial | * |
| Ruby2.5 | Ubuntu | bionic | * |
| Ruby2.5 | Ubuntu | esm-infra/bionic | * |
| Ruby2.7 | Ubuntu | esm-infra/focal | * |
| Ruby2.7 | Ubuntu | focal | * |
| Ruby2.7 | Ubuntu | groovy | * |
| Ruby2.7 | Ubuntu | hirsute | * |
| Ruby2.7 | Ubuntu | impish | * |
References
- https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a
- https://hackerone.com/reports/1178562
- https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
- https://security.gentoo.org/glsa/202401-27
- https://security.netapp.com/advisory/ntap-20210902-0004/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
- https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a
- https://hackerone.com/reports/1178562
- https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
- https://security.gentoo.org/glsa/202401-27
- https://security.netapp.com/advisory/ntap-20210902-0004/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/