oss-sec mailing list archives

Vulnerability Report for Ruby Gem lean-ruport-0.3.8


From: larry0 () me com (Larry W. Cashdollar)
Date: Mon, 7 Jul 2014 14:14:49 -0400 (EDT)

Title: Vulnerability Report for Ruby Gem lean-ruport-0.3.8

Author: Larry W. Cashdollar, @_larry0

Date: 06/01/2014

OSVDB: 108581

CVE: Please Assign

Download: http://rubygems.org/gems/lean-ruport

Gem Author: james () yob id au

From: ./lean-ruport-0.3.8/test/tc_database.rb

Line 21 exposes the mysql password to the process table. If this Gem is used in the context of a rails application, it might be possible to inject commands via the #{ user } and #{ password } variables if those are supplied by the user, as they are not sanitized before being passed to the shell.

18-            tmp_sql = "/tmp/compare.sql"
19-             md_command =
20-                     "mysqldump -u#{ user } -p#{ password } --databases stonecodeblog"
21:             `#{ md_command } > #{ tmp_sql }`
22:             diff = `diff #{ orig_sql } #{ tmp_sql }`
23-             assert( diff == "", diff[0..500] )
24-     end
25-end


Advisory: http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html
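As an added illustration from the defender's side (this is not code from the advisory or from the lean-ruport gem), the interpolated backtick command from the quoted test sits beside a version that never goes through /bin/sh and keeps the password off the command line. The database name stonecodeblog comes from the quoted test; the temp path, the identifier check on the user name and the use of MYSQL_PWD are assumptions of this example.

```ruby
require "shellwords"

# Unsafe pattern, as in tc_database.rb line 20-21: user and password are
# interpolated into one string that /bin/sh parses. The password is visible
# in the process table, and any metacharacter in either value is interpreted
# by the shell rather than passed to mysqldump as data.
def unsafe_dump_command(user, password, tmp_sql)
  "mysqldump -u#{user} -p#{password} --databases stonecodeblog > #{tmp_sql}"
end

# Safer pattern: build an argv array (no shell is involved) and hand the
# password to mysqldump through MYSQL_PWD so it never appears on the command
# line. The identifier check on `user` is an assumption of this example.
# Returns [env, argv] so the caller can run it with system/Process.spawn.
def safe_dump_command(user, password)
  unless user.match?(/\A[\w.-]+\z/)
    raise ArgumentError, "user must be a simple identifier"
  end
  env  = { "MYSQL_PWD" => password }
  argv = ["mysqldump", "-u#{user}", "--databases", "stonecodeblog"]
  [env, argv]
end

# Run the hardened command, redirecting stdout to tmp_sql via spawn options
# instead of a shell ">" redirect. Returns true on exit status 0.
def run_safe_dump(user, password, tmp_sql)
  env, argv = safe_dump_command(user, password)
  system(env, *argv, out: [tmp_sql, "w"]) == true
end

# Show how the shell would tokenise the unsafe string: a password containing
# whitespace is split into several arguments, whereas the argv form keeps
# every value as exactly one argument.
def shell_tokens(command_string)
  Shellwords.split(command_string)
end
```

run_safe_dump needs a real mysqldump on PATH; the other functions run anywhere.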

