
[Full-disclosure] Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4



<html><body><div><h2>Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4
</h2>
<hr>
<p>4/1/2013<br>
Larry W. Cashdollar<br>
@_larry0

</p>
<p>User-supplied input is not sanitized against shell metacharacters and is
interpolated directly into a shell command string: the PDF path (<code>pdf</code>)
and the derived base name (<code>@pdf_name</code>) are built into backtick
commands for <code>gm convert</code> and <code>tesseract</code>. If a user is
tricked into extracting a file whose name contains shell metacharacters,
arbitrary commands can be executed on the host running docsplit.
</p>
<p><a href="https://rubygems.org/gems/karteek-docsplit">https://rubygems.org/gems/karteek-docsplit</a>
</p>
<p>./karteek-docsplit-0.5.4/lib/docsplit/text_extractor.rb
</p>
<pre>    def extract_from_ocr(pdf, pages)
      tempdir = Dir.mktmpdir
      base_path = File.join(@output, @pdf_name)
      if pages
        pages.each do |page|
          # pdf and @pdf_name come from the file being processed and are
          # interpolated unescaped into the command string passed to run
          tiff = "#{tempdir}/#{@pdf_name}_#{page}.tif"
          file = "#{base_path}_#{page}"
          run "MAGICK_TMPDIR=#{tempdir} OMP_NUM_THREADS=2 gm convert -despeckle +adjoin #{MEMORY_ARGS} #{OCR_FLAGS} #{pdf}[#{page - 1}] #{tiff} 2&gt;&amp;1"
          run "tesseract #{tiff} #{file} -l eng 2&gt;&amp;1"
          clean_text(file + '.txt') if @clean_ocr
          FileUtils.remove_entry_secure tiff
        end
      else
        # same pattern for the whole-document path
        tiff = "#{tempdir}/#{@pdf_name}.tif"
        run "MAGICK_TMPDIR=#{tempdir} OMP_NUM_THREADS=2 gm convert -despeckle #{MEMORY_ARGS} #{OCR_FLAGS} #{pdf} #{tiff} 2&gt;&amp;1"
        run "tesseract #{tiff} #{base_path} -l eng 2&gt;&amp;1"
        clean_text(base_path + '.txt') if @clean_ocr
      end
</pre>
<p>Run is defined as:
</p><pre>    def run(command)
      result = `#{command}`   # the whole string, file name included, is handed to /bin/sh
      raise ExtractionFailed, result if $? != 0
      result
    end
</pre>
<p>This vulnerability has been assigned CVE-2013-1933.
</p>
<p><a href="http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html">http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html</a>
</p></div></body></html>
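The following Ruby is an added example written for this page; it is not docsplit's code and not part of the original advisory. It puts the advisory's `run` shape next to a hardened counterpart that passes the command to `Open3.capture2e` as an argv array (and the `MAGICK_TMPDIR`/`OMP_NUM_THREADS` settings as an environment hash), so no shell ever parses the file name, and shows `Shellwords.escape` for the case where a shell string cannot be avoided. The names `run_safe`, `ocr_page_commands`, `shell_string_for`, `literal_roundtrip` and `HOSTILE_NAME` are hypothetical, the file name is constructed, and `printf` stands in for `gm`/`tesseract` so the demonstration runs on any box without those tools.

```ruby
require 'open3'
require 'shellwords'

# Added example, not docsplit's code. Names and sample data are constructed.
class ExtractionFailed < StandardError; end

# Shape from the advisory, kept only for comparison and never called with
# untrusted input here: a single string is parsed by /bin/sh whenever it
# contains shell metacharacters, so the file name becomes part of the script.
def run_unsafe(command)
  result = `#{command}`
  raise ExtractionFailed, result if $? != 0
  result
end

# Hardened variant: an argv array is exec()ed directly (no shell), so the
# file name is exactly one argument however many ';', '|' or '$(' it holds.
# `env` carries settings the original baked into the command string.
def run_safe(argv, env = {})
  out, status = Open3.capture2e(env, *argv)
  raise ExtractionFailed, out unless status.success?
  out
end

# Argv equivalents of the two per-page commands in extract_from_ocr, built
# without interpolating anything into a shell command string.
def ocr_page_commands(pdf, tempdir, pdf_name, page)
  tiff = File.join(tempdir, "#{pdf_name}_#{page}.tif")
  text = File.join(tempdir, "#{pdf_name}_#{page}")
  {
    env:       { "MAGICK_TMPDIR" => tempdir, "OMP_NUM_THREADS" => "2" },
    convert:   ["gm", "convert", "-despeckle", "+adjoin", "#{pdf}[#{page - 1}]", tiff],
    tesseract: ["tesseract", tiff, text, "-l", "eng"],
  }
end

# If a shell string really is required (e.g. for the 2>&1 redirect), quote
# each operand with Shellwords.escape so the shell sees one literal word.
def shell_string_for(pdf, tiff)
  "gm convert -despeckle #{Shellwords.escape(pdf)} #{Shellwords.escape(tiff)} 2>&1"
end

# Constructed file name containing shell metacharacters. With the argv form,
# printf receives the whole name as a single argument and echoes it back
# unchanged; nothing after the ';' is ever interpreted as a command.
HOSTILE_NAME = "report; echo INJECTED.pdf".freeze

def literal_roundtrip(name)
  run_safe(["printf", "%s", name])
end

if __FILE__ == $0
  puts literal_roundtrip(HOSTILE_NAME)
  puts shell_string_for(HOSTILE_NAME, "/tmp/out.tif")
  p ocr_page_commands(HOSTILE_NAME, "/tmp/work", "report", 1)
end
```

The check that matters is the round trip: `literal_roundtrip(HOSTILE_NAME)` returns the name byte-for-byte, which it could not do if a shell had split it at the `;`. The same property holds for `system`, `spawn` and `IO.popen` when they are given an array rather than a single string, so the fix for this class of bug is a calling convention, not a blacklist of characters.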
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/