oss-sec mailing list archives
Vulnerability Report for Ruby Gem lean-ruport-0.3.8
From: larry0 () me com (Larry W. Cashdollar)
Date: Mon, 7 Jul 2014 14:14:49 -0400 (EDT)
Title: Vulnerability Report for Ruby Gem lean-ruport-0.3.8 Author: Larry W. Cashdollar, @_larry0 Date: 06/01/2014 OSVDB: 108581 CVE:Please Assign Download: http://rubygems.org/gems/lean-ruport Gem Author: james () yob id au From: ./lean-ruport-0.3.8/test/tc_database.rb Line 21 exposes the mysql password to the process table, if this Gem is used in the context of a rails application it might be possible to inject commands via the #{ user } and #{ password } variables if those are supplied by the user as they are not sanitized before being passed to the shell. 018- tmp_sql = /tmp/compare.sql 19- md_command = 20- "mysqldump -u#{ user } -p#{ password } --databases stonecodeblog" 21: `#{ md_command } > #{ tmp_sql }` 22: diff = `diff #{ orig_sql } #{ tmp_sql }` 23- assert( diff == , diff[0..500] ) 24- end 25-end Advisory: http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html
Current thread:
- Vulnerability Report for Ruby Gem lean-ruport-0.3.8 Larry W. Cashdollar (Jul 07)