|
Message-id: <B5C4D407-25F6-4047-ACEF-562ECBFF75D9@me.com> Date: Tue, 19 Mar 2013 08:09:39 -0400 From: larry Cashdollar <larry0@...com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Remote command execution in Ruby Gem Command Wrap Remote command execution in Ruby Gem Command Wrap 3/15/2013 http://rubygems.org/gems/command_wrap Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename. Examining the following lines: command_wrap.rb-7- def self.capture (url, target) command_wrap.rb-8- command = CommandWrap::Config::Xvfb.command(File.dirname(__FILE__) + "/../bin/CutyCapt --min-width=1024 --min-height=768 --url={url} --out={target}") command_wrap.rb:9: `#{command}` command_wrap.rb-10- end command_wrap.rb-11- -- command_wrap.rb-72- command = CommandWrap::Config::Xvfb.command(File.dirname(__FILE__) + "/../bin/wkhtmltopdf --quiet --print-media-type #{source} #{params} #{target}") command_wrap.rb-73- command_wrap.rb:74: `#{command}` Untrusted data is passed to the command line. Larry W. Cashdollar @_larry0 http://vapid.dhs.org
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.