oss-sec mailing list archives
echor 0.1.6 Ruby Gem exposes login credentials
From: "Larry W. Cashdollar" <larry0 () me com>
Date: Thu, 30 Jan 2014 13:22:26 -0500
Title: echor 0.1.6 Ruby Gem exposes login credentials
Date: 1/14/2014
CVE: Please assign one.
Author: Larry W. Cashdollar, @_larry0
Download: http://rubygems.org/gems/echor
Description: Echo ruby wrapper

Vulnerability in file echor-0.1.6/lib/echor/backplane.rb:

The function perform_request passes sensitive data to the shell along with unsanitized user input. If this gem is used in a Rails application, a user could get remote command injection simply by putting a semi-colon in their username or password. At a minimum, a local user can steal the login credentials just by watching the process table on the system.

  def perform_request(data)
    JSON.parse(`curl -u #{Echo.backplane_user}:#{Echo.backplane_password} --data-binary '#{data}' #{@channel}`)
  end

Vendor: Not notified, I don't think this Gem is maintained anymore.

Advisory: http://www.vapid.dhs.org/advisories/echor-expose-login-creds.html
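A hardened form of the call quoted above, added here as an illustration and not code from the echor gem (the DemoBackplane module, the function names and the demo values are assumptions): curl receives its arguments as an argv array, so no shell ever parses the username, password, data or channel, and the credentials reach curl through stdin as a curl config file rather than on the command line, so they do not show up in the process table.

```ruby
require "json"
require "open3"
require "uri"

# Hypothetical stand-in for the gem's Echo.backplane_user / backplane_password
# accessors; the defaults are constructed demo values only.
module DemoBackplane
  def self.user;     ENV.fetch("BACKPLANE_USER", "demo-user");     end
  def self.password; ENV.fetch("BACKPLANE_PASSWORD", "demo-pass"); end
end

# Accept only http(s) URLs, so an option-looking channel ("-o/tmp/x") or a
# shell fragment can never be handed to curl as an argument.
def validate_channel!(channel)
  uri = URI.parse(channel)
  return channel if uri.is_a?(URI::HTTP)   # URI::HTTPS is a subclass of URI::HTTP
  raise ArgumentError, "channel must be an http(s) URL: #{channel.inspect}"
rescue URI::InvalidURIError
  raise ArgumentError, "channel is not a valid URI: #{channel.inspect}"
end

# Credentials are fed to curl on stdin as a config file (--config -), so they
# never appear in argv and therefore never in `ps`. Escape the characters that
# are special inside a quoted curl config value.
def curl_config(user, password)
  esc = ->(s) { s.gsub(/[\\"]/) { |c| "\\#{c}" }.gsub("\n") { "\\n" } }
  %(user = "#{esc.call(user)}:#{esc.call(password)}"\n)
end

# argv as an array: Open3 passes it straight to execve() with no shell, so
# ';', '$(...)' or quotes inside data or channel stay literal bytes.
def curl_argv(data, channel)
  ["curl", "--silent", "--show-error", "--fail", "--config", "-",
   "--data-binary", data, validate_channel!(channel)]
end

def perform_request(data, channel, user: DemoBackplane.user, password: DemoBackplane.password)
  out, status = Open3.capture2(*curl_argv(data, channel), stdin_data: curl_config(user, password))
  raise "backplane request failed: #{status}" unless status.success?
  JSON.parse(out)
end

# Evidence that no shell is consulted: the argument comes back byte-for-byte.
def argument_survives_intact?(input)
  out, = Open3.capture2("echo", input)
  out.chomp == input
end
```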
Current thread:
- echor 0.1.6 Ruby Gem exposes login credentials Larry W. Cashdollar (Jan 30)
- Re: echor 0.1.6 Ruby Gem exposes login credentials cve-assign (Jan 31)