Ruby OpenSSL CVE-2018-16395 Certificate Validation Security Bypass Vulnerability

Description

Ruby OpenSSL is prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.

Technologies Affected

• Oracle Communications Interactive Session Recorder 6.0
• Oracle Communications Interactive Session Recorder 6.1
• Oracle Communications Interactive Session Recorder 6.2
• Oracle Communications Interactive Session Recorder 6.3
• Redhat Enterprise Linux 5
• Redhat Enterprise Linux 6
• Redhat Enterprise Linux Desktop 7
• Redhat Enterprise Linux EUS Compute Node 7.4
• Redhat Enterprise Linux EUS Compute Node 7.6
• Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6
• Redhat Enterprise Linux Server - Extended Update Support 7.6
• Redhat Enterprise Linux Server - TUS 7.6
• Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.6
• Redhat Enterprise Linux Server 7
• Redhat Enterprise Linux Server AUS 7.4
• Redhat Enterprise Linux Server AUS 7.6
• Redhat Enterprise Linux Workstation 7
• Redhat Enterprise Linux for ARM 64 7
• Redhat Enterprise Linux for IBM System z (Structure A) 7
• Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4
• Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.6
• Redhat Enterprise Linux for IBM z Systems 7
• Redhat Enterprise Linux for Power 9 7
• Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4
• Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.6
• Redhat Enterprise Linux for Power, big endian 7
• Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4
• Redhat Enterprise Linux for Scientific Computing 7
• Redhat Subscription Asset Manager
• Redhat Virtualization 4
• Ruby-Lang Ruby 2.3.0
• Ruby-Lang Ruby 2.3.4
• Ruby-Lang Ruby 2.3.5
• Ruby-Lang Ruby 2.3.6
• Ruby-Lang Ruby 2.3.7
• Ruby-Lang Ruby 2.4.0
• Ruby-Lang Ruby 2.4.1
• Ruby-Lang Ruby 2.4.2
• Ruby-Lang Ruby 2.4.3
• Ruby-Lang Ruby 2.4.4
• Ruby-Lang Ruby 2.5.0
• Ruby-Lang Ruby 2.5.1
• Ruby-Lang Ruby 2.6.0-preview1
• Ruby-Lang openssl

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not use client software to communicate with untrusted sources.
To reduce the likelihood of exploits, connect to only trusted hosts and servers.

Updates are available. Please see the references or vendor advisory for more information.