oss-sec mailing list archives

Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1


From: larry0 () me com (Larry W. Cashdollar)
Date: Mon, 7 Jul 2014 14:13:47 -0400 (EDT)

Title: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1

Author: Larry W. Cashdollar, @_larry0

Date: 06/01/2014

OSVDB: 108582

CVE: Please Assign

Download: http://rubygems.org/gems/codders-dataset

Gem Author:  codders () octomonkey org uk

From: ./codders-dataset-1.3.2.1/lib/dataset/database/postgresql.rb

Lines 18 and 24 expose the password to the process table, and are vulnerable to command injection if used in the 
context of a rails application. The #{@username} and #{@password} variables aren't properly sanitized before being 
passed to the command line.

015-      
16-      def capture(datasets)
17-        return if datasets.nil? || datasets.empty?
18:        `pg_dump -c #{@database} > #{storage_path(datasets)}`
19-      end
20-      
21-      def restore(datasets)
22-        store = storage_path(datasets)
23-        if File.file?(store)
24:          `psql -U #{@username} -p #{@password} -e #{@database} < #{store}`
25-          true
26-        end
27-      end


Advisory: http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html
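Added example, not code from the gem or from the advisory: the two helpers rewritten so that no interpolated value reaches a shell and the password leaves the command line. The storage_path stand-in, the VALID_NAME allowlist and the keyword-argument signatures are assumptions of this example.

```ruby
# Conservative allowlist for database and role names (an assumption of this
# example; PostgreSQL itself permits more via quoted identifiers).
VALID_NAME = /\A[A-Za-z_][A-Za-z0-9_]*\z/

def check_name!(value, what)
  return value if VALID_NAME.match?(value.to_s)
  raise ArgumentError, "#{what} #{value.inspect} contains unexpected characters"
end

# Stand-in for the gem's storage_path helper (hypothetical).
def storage_path(datasets)
  File.join("/tmp", "dataset-#{datasets.map(&:to_s).join('-')}.sql")
end

# Each builder returns [env, argv, spawn_options]. argv is an array, so
# Kernel#system execs pg_dump/psql directly with no shell in between; the
# password travels in PGPASSWORD, which `ps` does not display, instead of as a
# command-line argument (psql has no password flag; its -p is the port).
def capture_command(database:, username:, password:, datasets:)
  argv = ["pg_dump", "-c", "-U", check_name!(username, "username"),
          check_name!(database, "database")]
  [{ "PGPASSWORD" => password }, argv, { out: storage_path(datasets) }]
end

def restore_command(database:, username:, password:, datasets:)
  store = storage_path(datasets)
  return nil unless File.file?(store)
  argv = ["psql", "-U", check_name!(username, "username"),
          "-v", "ON_ERROR_STOP=1", check_name!(database, "database")]
  [{ "PGPASSWORD" => password }, argv, { in: store }]
end

# Runs a built command; returns true on exit status 0, false otherwise.
def run_command(env, argv, opts)
  system(env, *argv, **opts) ? true : false
end
```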

