
[Full-disclosure] Rgpg 0.2.2 Ruby Gem Remote Command Injection



Title: Rgpg 0.2.2 Ruby Gem Remote Command Injection

Date: 7/31/2013

Advisory Author: Larry W. Cashdollar, @_larry0

CVE: CVE-2013-4203

Download: https://rubygems.org/gems/rgpg

Description:
"A simple Ruby wrapper around gpg command for file encryption.
rgpg is a simple API for interacting with the gpg tool. It is specifically designed to avoid altering global keyring state by creating temporary public and secret keyrings on the fly for encryption and decryption."

Vulnerability:
The following code snippet does not sanitize user-supplied input before passing it to the system() function for execution. Because the command line is interpolated into a single string, system() hands it to a shell, so shell metacharacters in the input are interpreted rather than treated as data. If this API is used in the context of a Rails application, remote commands can be injected into the shell.

in lib/rgpg/gpg_helper.rb:

      begin
        output_file.close
        result = system("#{command_line} > #{output_file.path} 2>&1")
      ensure

Author: Notified 8/1/2013.

Fixed: in 0.2.3. 8/1/2013.

URL: http://vapid.dhs.org/advisories/rgpg-api-rubygem-cmd-inj.html

Greets to all at DEFCON21.
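Greets">
The fix pattern for the snippet above, as an added example that is not rgpg's code: keep the temp-file capture, but pass the program and its arguments to system() as separate argv entries and express the "> path 2>&1" redirection through Process.spawn options, so no shell ever parses caller-controlled strings. The helper names run_and_capture and shell_safe_command_line are assumptions for this example.

```ruby
require "tempfile"
require "shellwords"

# Vulnerable shape quoted in the advisory (kept here only for comparison):
#   system("#{command_line} > #{output_file.path} 2>&1")
# Everything inside command_line is interpreted by /bin/sh.

# Hardened replacement (hypothetical helper, not part of rgpg):
# runs argv WITHOUT a shell and captures stdout+stderr into a temp file.
# Returns [success_boolean, captured_output_string].
def run_and_capture(argv)
  unless argv.is_a?(Array) && !argv.empty? && argv.all? { |a| a.is_a?(String) }
    raise ArgumentError, "argv must be a non-empty Array of Strings"
  end
  output_file = Tempfile.new("rgpg-out")
  output_file.close
  # Array form: each element is one argv entry, so ';', '|', '$(...)' etc.
  # in user data stay literal. out:/err: replace the shell redirection.
  result = system(*argv, out: [output_file.path, "w"], err: [:child, :out])
  [result, File.read(output_file.path)]
ensure
  output_file&.unlink
end

# If an existing API insists on a single command string, build it from
# argv with Shellwords so every argument is quoted for the shell.
def shell_safe_command_line(argv)
  Shellwords.join(argv)
end

# Self-check with a harmless command: the metacharacters in the argument
# arrive at echo as data, so the output is one line containing them literally.
if __FILE__ == $PROGRAM_NAME
  ok, out = run_and_capture(["echo", "user@example.org; echo INJECTED"])
  puts "success=#{ok} lines=#{out.lines.size} output=#{out.strip.inspect}"
end
```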
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/