When you use ruby-debug-ide for remote debugging, it can potentially lead to arbitrary remote code execution.
rdebug-ide --host 0.0.0.0 --port 6666 --dispatcher-port 6666 -- test.rb s
telnet remote_host remote_port
Because there is no permission verification, anyone can connect remotely as long as the port is open. Debuggers for other languages have had similar issues, such as Node.js Debug RCE (https://www.cvedetails.com/cve/CVE-2018-12120/) and Java Debug RCE (https://www.rapid7.com/db/modules/exploit/multi/misc/java_jdwp_debugger/).
Remote code execution can be exploited through the following steps.
1. The help document (https://github.com/ruby-debug/ruby-debug-ide/blob/master/protocol-spec.md) contains no command execution instructions, so it looks as if remote command execution is not possible.
2. But I found in the directory (ruby-debug-ide/lib/ruby-debug-ide/commands/) that the eval command can execute arbitrary commands.
3. So anybody who connects to the remote service can execute arbitrary code.
Advice
1. Modify the readme.md content to use a specific IP: --host specific_ip
2. Delete the "eval" command.
3. Use authentication, like SSH.
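An added example (not part of the original report or the ruby-debug-ide project): a Ruby check that classifies the listen address in rdebug-ide command lines, for instance taken from a process listing, so that wildcard or non-loopback debugger listeners can be found. The function names, categories and sample command lines are constructed for illustration; only the --host flag comes from the report.

```ruby
require 'shellwords'
require 'ipaddr'

# Return the --host value of an rdebug-ide command line ("--host V" or
# "--host=V"). Arguments after "--" belong to the debugged script and are ignored.
def rdebug_host(cmdline)
  args = Shellwords.split(cmdline)
  return :not_rdebug unless args.any? { |a| File.basename(a) == 'rdebug-ide' }
  opts = args.take_while { |a| a != '--' }
  opts.each_with_index do |arg, i|
    return opts[i + 1] if arg == '--host'
    return arg.split('=', 2).last if arg.start_with?('--host=')
  end
  nil
end

# Classify where the debugger listens. Categories are this example's own.
def classify_listener(cmdline)
  host = rdebug_host(cmdline)
  return :not_rdebug if host == :not_rdebug
  return :unspecified if host.nil? || host.empty? # no --host given; not judged here
  return :loopback if host == 'localhost'         # assumption: resolves to loopback
  ip = IPAddr.new(host)
  return :wildcard if ip.to_i.zero?               # 0.0.0.0 or ::, every interface
  ip.loopback? ? :loopback : :routable            # routable: still unauthenticated
rescue IPAddr::InvalidAddressError
  :hostname # a name that cannot be judged without resolving it
end

# Constructed sample command lines (not taken from a real host).
SAMPLE_CMDLINES = [
  'rdebug-ide --host 0.0.0.0 --port 6666 --dispatcher-port 6666 -- test.rb',
  'rdebug-ide --host=127.0.0.1 --port 6666 -- test.rb',
  'rdebug-ide --host 192.0.2.10 --port 6666 -- test.rb',
  'rdebug-ide --port 6666 -- test.rb --host 0.0.0.0',
  'ruby test.rb'
].freeze

# Listeners reachable from other machines, where the report's eval command is exposed.
RISKY = %i[wildcard routable hostname].freeze

def risky_listeners(cmdlines)
  cmdlines.select { |c| RISKY.include?(classify_listener(c)) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_CMDLINES.each { |c| puts format('%-12s %s', classify_listener(c), c) }
end
```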