oss-sec mailing list archives
Vulnerability Report for Ruby Gem lawn-login-0.0.7
From: larry0 () me com (Larry W. Cashdollar)
Date: Mon, 7 Jul 2014 14:14:52 -0400 (EDT)
Title: Vulnerability Report for Ruby Gem lawn-login-0.0.7
Author: Larry W. Cashdollar, @_larry0
Date: 06/01/2014
OSVDB: 108576
CVE: Please Assign
Download: http://rubygems.org/gems/lawn-login
Gem Author: mike.skalnik () gmail com

From: ./lawn-login-0.0.7/lib/lawn.rb

Line 24 exposes the password to the process table via the #{password} variable. If this Gem is used in the context of a rails application it may be possible to inject commands remotely into the shell as these variables are not sanitized.

21- end
22-
23- def login(username, password)
24: `curl -s -f -F username=\#{username}\ -F password=\#{password}\ -F iss=\false\ -F output=\binary\ https://auth.lawn.gatech.edu/index.php`
25- end
26-end

Advisory: http://www.vapid.dhs.org/advisories/lawn-login-0.0.7.html
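The following is an added illustration, not code from the advisory or from the lawn-login gem. It reduces the backtick pattern from line 24 to the string it would hand to /bin/sh (returned, never executed), and sets two remediations beside it: an argv array, which avoids the shell but still places the password in the process table, and an in-process Net::HTTP request, which avoids both problems. The endpoint URL is the one in the excerpt; the sample username and password are constructed values chosen to contain shell metacharacters.

```ruby
require 'net/http'
require 'uri'
require 'shellwords'

# Endpoint taken from the code excerpt in the advisory.
LAWN_AUTH_URL = URI('https://auth.lawn.gatech.edu/index.php')

# Characters /bin/sh treats specially. Used only to flag inputs that the
# interpolating pattern would misparse; this is not a sanitiser.
SHELL_METACHARS = /[;&|`$(){}<>\s'"\\]/

# (1) The pattern from lawn.rb, reduced to the command string the backticks
# would pass to the shell. Returned rather than run so it can be inspected.
def vulnerable_command(username, password)
  "curl -s -f -F username=#{username} -F password=#{password} " \
  "-F iss=false -F output=binary #{LAWN_AUTH_URL}"
end

# (2) Subprocess without a shell: Kernel#system or Open3 given an argv array
# never invokes /bin/sh, so every value stays exactly one argument. The
# password is still visible in `ps`, so (3) is the better fix.
def safe_curl_argv(username, password)
  ['curl', '-s', '-f',
   '-F', "username=#{username}",
   '-F', "password=#{password}",
   '-F', 'iss=false', '-F', 'output=binary',
   LAWN_AUTH_URL.to_s]
end

# (3) In-process HTTP: no child process, nothing in the process table, and
# the form body is URL-encoded, so metacharacters are data rather than syntax.
def build_login_request(username, password)
  req = Net::HTTP::Post.new(LAWN_AUTH_URL)
  req.set_form_data('username' => username, 'password' => password,
                    'iss' => 'false', 'output' => 'binary')
  req
end

# Hypothetical replacement for the gem's login method; sends the request
# built above over TLS. Not called in the offline checks below.
def login(username, password)
  req = build_login_request(username, password)
  Net::HTTP.start(LAWN_AUTH_URL.host, LAWN_AUTH_URL.port, use_ssl: true) do |http|
    http.request(req)
  end
end

# Review helper: would the shell interpret anything in this value if it were
# interpolated unquoted, as on line 24 of lawn.rb?
def shell_sensitive?(value)
  value.match?(SHELL_METACHARS)
end

if __FILE__ == $PROGRAM_NAME
  user = 'bob; echo unsafe'   # constructed sample containing a metacharacter
  pass = 'p@ss w0rd&x'        # constructed sample
  puts "shell sees:   #{Shellwords.split(vulnerable_command(user, pass)).inspect}"
  puts "argv form:    #{safe_curl_argv(user, pass).inspect}"
  puts "form body:    #{build_login_request(user, pass).body}"
end
```

Shellwords.split is used in the check only to show how the shell would tokenise the interpolated string: the username's "echo" becomes a word of its own, whereas in the argv form and the URL-encoded body it remains part of the username value.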