oss-sec mailing list archives
Vulnerability Report for Ruby Gem backup-agoddard-3.0.28
From: larry0 () me com (Larry W. Cashdollar)
Date: Mon, 7 Jul 2014 14:13:55 -0400 (EDT)
Title: Vulnerability Report for Ruby Gem backup-agoddard-3.0.28
Author: Larry W. Cashdollar, @_larry0
Date: 06/01/2014
OSVDB: 108578
CVE: Please Assign
Download: http://rubygems.org/gems/backup-agoddard
Gem Author: anthony () anthonygoddard com

From: ./backup-agoddard-3.0.28/lib/backup/cli/utility.rb

Lines 178 and 180 exposed the password to the process table; they are also remote command injection points if this gem is used in the context of a Rails application, as the user input isn't properly sanitized.

175-          base64   = options[:base64] ? '-base64' : ''
176-          password = options[:password_file].empty? ? '' : "-pass file:#{options[:password_file]}"
177-          salt     = options[:salt] ? '-salt' : ''
178:          %x[openssl aes-256-cbc -d #{base64} #{password} #{salt} -in #{options[:in]} -out #{options[:out]}]
179-        when 'gpg'
180:          %x[gpg -o #{options[:out]} -d #{options[:in]}]
181-        else
182-          puts "Unknown encryptor: #{options[:encryptor]}"
183-          puts "Use either openssl or gpg."
--
224-        puts "Please wait..\n\n"
226-      end
227-
228-      if options[:installed]
230-      end
231-    end

Advisory: http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html
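The remediation a maintainer would apply to the quoted lines, as an added example that is not the gem's code or the advisory's: build the command as an argv array and exec it without a shell (Open3.capture3 with several arguments), so every option value reaches openssl or gpg as one literal argument. decrypt_argv, run_decrypt and unsafe_command_string are hypothetical names; the options hash shape is assumed from the quoted snippet.

```ruby
require 'open3'
require 'shellwords'

# Added example, not the gem's code. The gem interpolates option values into
# a %x[...] string, which the shell re-parses. Returning an argv array instead
# means no metacharacter in a filename or path is ever seen by a shell.
def decrypt_argv(options)
  case options[:encryptor]
  when 'openssl'
    argv = %w[openssl aes-256-cbc -d]
    argv << '-base64' if options[:base64]
    argv << '-salt'   if options[:salt]
    # -pass file: keeps the secret itself out of argv, so ps cannot show it;
    # the path is still a separate, literal argument.
    unless options[:password_file].to_s.empty?
      argv.push('-pass', "file:#{options[:password_file]}")
    end
    argv.push('-in', options[:in], '-out', options[:out])
  when 'gpg'
    ['gpg', '-o', options[:out], '-d', options[:in]]
  else
    raise ArgumentError, "Unknown encryptor: #{options[:encryptor]}"
  end
end

# Open3.capture3 with more than one argument execs the program directly
# (no /bin/sh), so the argv elements are passed through unchanged.
def run_decrypt(options)
  out, err, status = Open3.capture3(*decrypt_argv(options))
  [status.success?, out, err]
end

# The string the gem hands to %x[...], rebuilt here only for comparison.
def unsafe_command_string(options)
  base64   = options[:base64] ? '-base64' : ''
  salt     = options[:salt] ? '-salt' : ''
  password = options[:password_file].to_s.empty? ? '' : "-pass file:#{options[:password_file]}"
  "openssl aes-256-cbc -d #{base64} #{password} #{salt} -in #{options[:in]} -out #{options[:out]}"
end

if __FILE__ == $0
  # Constructed input: a filename containing a space and a semicolon.
  opts = { encryptor: 'openssl', base64: true, salt: true, password_file: '/tmp/pw',
           in: 'nightly backup;.tar.enc', out: 'nightly.tar' }
  puts "argv elements (no shell): #{decrypt_argv(opts).length}"
  puts "words a shell would see:  #{Shellwords.split(unsafe_command_string(opts)).length}"
end
```

Shellwords.split only models quoting, not `;`, so the count difference shows the filename being split at the space; the semicolon would additionally terminate the openssl command under a real shell.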