[Full-disclosure] Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4
- To: full <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4
- From: "Larry W. Cashdollar" <larry0@xxxxxx>
- Date: Tue, 09 Apr 2013 15:11:32 +0000 (GMT)
<html><body><div><h2>Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4
</h2>
<hr>
<p>4/1/2013<br>
Larry W. Cashdollar<br>
@_larry0
</p>
<p>User-supplied input isn't sanitized against shell metacharacters and
is interpolated directly into a command string that is handed to the shell. If
a user is tricked into extracting text from a file whose name contains shell
metacharacters, code can be executed remotely.
</p>
<p><a
href="https://rubygems.org/gems/karteek-docsplit">https://rubygems.org/gems/karteek-docsplit</a>
</p>
<p>./karteek-docsplit-0.5.4/lib/docsplit/text_extractor.rb
</p>
<pre>def extract_from_ocr(pdf, pages)
  tempdir = Dir.mktmpdir
  base_path = File.join(@output, @pdf_name)
  if pages
    pages.each do |page|
      # pdf, @pdf_name and the derived paths are interpolated unescaped
      # into the shell command strings passed to run below
      tiff = "#{tempdir}/#{@pdf_name}_#{page}.tif"
      file = "#{base_path}_#{page}"
      run "MAGICK_TMPDIR=#{tempdir} OMP_NUM_THREADS=2 gm convert -despeckle +adjoin #{MEMORY_ARGS} #{OCR_FLAGS} #{pdf}[#{page - 1}] #{tiff} 2>&1"
      run "tesseract #{tiff} #{file} -l eng 2>&1"
      clean_text(file + '.txt') if @clean_ocr
      FileUtils.remove_entry_secure tiff
    end
  else
    tiff = "#{tempdir}/#{@pdf_name}.tif"
    run "MAGICK_TMPDIR=#{tempdir} OMP_NUM_THREADS=2 gm convert -despeckle #{MEMORY_ARGS} #{OCR_FLAGS} #{pdf} #{tiff} 2>&1"
    run "tesseract #{tiff} #{base_path} -l eng 2>&1"
    clean_text(base_path + '.txt') if @clean_ocr
  end
</pre>
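<p>The fix for this class of bug is to stop building a shell command string at all. The following Ruby is an added example and is not code from the karteek-docsplit gem: it replaces the string-based <code>run</code> helper with one that takes an argv Array and an env Hash, rebuilds the gm and tesseract invocations above as argument vectors, and checks that a file name with spaces, parentheses and a semicolon still reaches the child process as a single argument. The helper names (<code>run_argv</code>, <code>ocr_convert_argv</code>, <code>tesseract_argv</code>, <code>argv_count_seen_by_child</code>, <code>shell_quoted</code>) and the sample file name are constructed for this example.</p>

```ruby
require 'open3'
require 'rbconfig'
require 'shellwords'

# Hardened counterpart to the gem's run(command) helper (added example, not the
# gem's code). It takes an argv Array instead of a command String, so the file
# name reaches gm/tesseract as one argument and /bin/sh never parses it.
# Environment such as MAGICK_TMPDIR is passed as an env Hash rather than as a
# "VAR=value" prefix, which only a shell would understand.
def run_argv(argv, env = {})
  raise ArgumentError, 'argv must be a non-empty Array' unless argv.is_a?(Array) && !argv.empty?
  cmd = argv.map(&:to_s)
  # Passing [program, argv0] as the first element forces Process.spawn to exec
  # the program directly; a bare String with metacharacters would use the shell.
  output, status = Open3.capture2e(env, [cmd.first, cmd.first], *cmd.drop(1))
  raise "ExtractionFailed: #{output}" unless status.success?
  output
end

# The per-page gm convert command from the advisory, rebuilt as an argv
# (hypothetical helper). MEMORY_ARGS / OCR_FLAGS become Arrays of tokens.
def ocr_convert_argv(pdf, page, tiff, memory_args: [], ocr_flags: [])
  ['gm', 'convert', '-despeckle', '+adjoin', *memory_args, *ocr_flags,
   "#{pdf}[#{page - 1}]", tiff]
end

# The tesseract command from the advisory as an argv (hypothetical helper).
def tesseract_argv(tiff, out_base)
  ['tesseract', tiff, out_base, '-l', 'eng']
end

# Shows that the child process receives the file name as exactly one argument.
# Uses the running Ruby as the child so the check works without gm/tesseract.
def argv_count_seen_by_child(file_name)
  out = run_argv([RbConfig.ruby, '-e', 'puts ARGV.length', file_name])
  out.strip.to_i
end

# If a shell string is unavoidable, every token must be quoted; Shellwords
# does that correctly for the whole argv.
def shell_quoted(argv)
  Shellwords.shelljoin(argv)
end

# Constructed sample: a name a shell would split into several words and treat
# partly as a command separator, the class of input the advisory describes.
SAMPLE_NAME = 'annual report (draft); v2.pdf'

if __FILE__ == $PROGRAM_NAME
  puts argv_count_seen_by_child(SAMPLE_NAME)                       # 1
  puts shell_quoted(ocr_convert_argv(SAMPLE_NAME, 1, '/tmp/out.tif'))
  puts shell_quoted(tesseract_argv('/tmp/out.tif', '/tmp/out'))
  # Example of the env Hash replacing the MAGICK_TMPDIR=... prefix:
  #   run_argv(ocr_convert_argv(pdf, page, tiff), 'MAGICK_TMPDIR' => tempdir)
end
```

<p>Note that <code>Open3.capture2e</code> with a single String argument still goes through the shell whenever the string contains metacharacters; the <code>[program, argv0]</code> form used in <code>run_argv</code> is what guarantees a direct exec even for a one-element argv.</p>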
<p>Run is defined as:
</p><pre>def run(command)
  # backticks hand the whole interpolated string to /bin/sh
  result = `#{command}`
  raise ExtractionFailed, result if $? != 0
  result
end
</pre>
<p>This vulnerability has been assigned CVE-2013-1933.
</p>
<p><a href="http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html">http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html</a>
</p></div></body></html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/