oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Vulnerability Report for Ruby Gem point-cli-0.0.1

From: larry0 () me com (Larry W. Cashdollar)
Date: Mon, 7 Jul 2014 14:14:21 -0400 (EDT)
Title: Vulnerability Report for Ruby Gem point-cli-0.0.1

Author: Larry W. Cashdollar, @_larry0

Date: 06/01/2014

OSVDB: 108577

CVE:Please Assign

Download: http://rubygems.org/gems/point-cli

Gem Author:  adam () atechmedia com

From: ./point-cli-0.0.1/lib/commands/setup.rb

Line 19 exposes the username and password combination to the process table.  If this Gem is used in the context of a 
rails application it is possible to remotely inject commands if the #{username} and #{password} are supplied by the 
user.

016-  
18-  
19:  command = "curl -q -s -u \"#{username}:#{password}\" #{Point.site}/api_key"
20-  if `#{command}` =~ /(\w{40})/
21:    api_key = $1
22-  else
23-    puts "\e[31mAccess was denied or the server was unavailable. Please check your username & password is 
correct.\e[0m"
24-    Process.exit(1)
25-  end
26-  
27:  config_json = {:username => username, :apitoken => api_key}.to_json
28-  File.open($point_config_file, w) { |f| f.write(config_json)}
29-  puts "\e[32mConfiguration was successfully saved to #{$point_config_file}\e[0m"
30-end


Advisory: http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html
Previous By Date Next
Previous By Thread Next

Current thread: