oss-sec mailing list archives
Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1
From: larry0 () me com (Larry W. Cashdollar)
Date: Mon, 7 Jul 2014 14:13:41 -0400 (EDT)
Title: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 Author: Larry W. Cashdollar, @_larry0 Date: 06/01/2014 OSVDB: 108583 CVE:Please Assign Download: http://rubygems.org/gems/codders-dataset Gem Author: codders () octomonkey org uk From: ./codders-dataset-1.3.2.1/lib/dataset/database/mysql.rb Lines 18 and 24 expose the password to the process table, and are vulnerable to command injection if used in the context of a rails application. The #{@username} and #{@password} variables aren't properly sanitized before being passed to the command line. 015- 16- def capture(datasets) 17- return if datasets.nil? || datasets.empty? 18: `mysqldump -u #{@username} --password=#{@password} --compact --extended-insert --no-create-db --add-drop-table --quick --quote-names #{@database} > #{storage_path(datasets)}` 19- end 20- 21- def restore(datasets) 22- store = storage_path(datasets) 23- if File.file?(store) 24: `mysql -u #{@username} --password=#{@password} --database=#{@database} < #{store}` 25- true 26- end 27- end Advisory: http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html
Current thread:
- Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 Larry W. Cashdollar (Jul 07)
- Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.) cve-assign (Jul 17)
- <Possible follow-ups>
- Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 Larry W. Cashdollar (Jul 07)