oss-sec mailing list archives
Re: Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 08 Apr 2013 12:55:37 -0600
On 04/08/2013 06:56 AM, Larry W. Cashdollar wrote:
Remote Command Injection Karteek Docsplit 0.5.4
------------------------------------------------------------------------
4/1/2013
Larry W. Cashdollar
@_larry0

User supplied input isn't sanitized against shell metacharacters and is fed
directly to the shell. If the user is tricked into extracting a file with
shell characters in the name, code can be executed remotely.

https://rubygems.org/gems/karteek-docsplit

./karteek-docsplit-0.5.4/lib/docsplit/text_extractor.rb

    def extract_from_ocr(pdf, pages)
      tempdir = Dir.mktmpdir
      base_path = File.join(@output, @pdf_name)
      if pages
        pages.each do |page|
          tiff = "#{tempdir}/#{@pdf_name}_#{page}.tif"
          file = "#{base_path}_#{page}"
          run "MAGICK_TMPDIR=#{tempdir} OMP_NUM_THREADS=2 gm convert -despeckle +adjoin #{MEMORY_ARGS} #{OCR_FLAGS} #{pdf}[#{page - 1}] #{tiff} 2>&1"
          run "tesseract #{tiff} #{file} -l eng 2>&1"
          clean_text(file + '.txt') if @clean_ocr
          FileUtils.remove_entry_secure tiff
        end
      else
        tiff = "#{tempdir}/#{@pdf_name}.tif"
        run "MAGICK_TMPDIR=#{tempdir} OMP_NUM_THREADS=2 gm convert -despeckle #{MEMORY_ARGS} #{OCR_FLAGS} #{pdf} #{tiff} 2>&1"
        run "tesseract #{tiff} #{base_path} -l eng 2>&1"
        clean_text(base_path + '.txt') if @clean_ocr
      end

Run is defined as:

    def run(command)
      result = `#{command}`
      raise ExtractionFailed, result if $? != 0
      result
    end

This vulnerability doesn't have a CVE yet assigned.

http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html
Please use CVE-2013-1933 for this issue.

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
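An added example, not code from the advisory or from the docsplit gem, that puts the backtick helper from the report beside a hardened replacement built on Open3.capture2e with an argv array (and Shellwords.escape where a shell string is unavoidable). It assumes printf as a stand-in for the gm/tesseract binaries; TRICKY_NAME is a constructed file name whose appended command is a harmless echo marker.

```ruby
require 'open3'
require 'shellwords'

# Constructed file name: looks like a PDF but carries a shell metacharacter.
# The command after ';' is only an echo marker so the effect is observable.
TRICKY_NAME = "report.pdf; echo INJECTED".freeze

# Same shape as the vulnerable helper in the advisory: backticks hand the
# whole string to /bin/sh, so ';' ends the intended command and starts another.
def run_shell_string(command)
  result = `#{command}`
  raise "extraction failed: #{result}" unless $?.success?
  result
end

# Hardened replacement: env hash plus argv array. Open3.capture2e spawns the
# program directly (no shell parses the file name) and merges stderr into
# stdout, which is what the original "2>&1" was for.
def run_argv(env, *argv)
  out, status = Open3.capture2e(env, *argv)
  raise "extraction failed: #{out}" unless status.success?
  out
end

# printf stands in for gm/tesseract; it prints its argument back so we can
# see whether the file name reached the program as one literal argument.
def vulnerable_extract(name)
  run_shell_string("printf '%s\\n' #{name} 2>&1")
end

def hardened_extract(name, tempdir = "/tmp")
  run_argv({ "MAGICK_TMPDIR" => tempdir, "OMP_NUM_THREADS" => "2" },
           "printf", "%s\n", name)
end

# If a shell string cannot be avoided, quote every interpolated value.
def escaped_command(name)
  "printf '%s\\n' #{Shellwords.escape(name)} 2>&1"
end
```

vulnerable_extract returns the marker on its own line because the shell ran a second command; hardened_extract and the escaped form return the whole name as one literal argument.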