Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Mar 2013 17:59:45 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: larry Cashdollar <larry0@...com>
Subject: Re: Ruby gem Thumbshooter 0.1.5 remote code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/26/2013 05:23 AM, larry Cashdollar wrote:
> Ruby gem Thumbshooter 0.1.5 remote code execution
> 
> 3/25/2013 Generates thumbshots of URLs by using Webkit and QT4.
> 
> https://github.com/digineo/thumbshooter
> 
> Specially crafted URLs can result in remote code execution if the
> URL contains shell metacharacters.
> 
> We see that the url is passed directly to the shell in the
> following code snippet from
> ./thumbshooter-0.1.5/lib/thumbshooter.rb lines:
> 
> 1012 command << "xvfb-run -a --server-args='-screen 0,
> #{screen}x24' " 1015 command << "{WEBKIT2PNG} '{url}' {args}" 1017
> img = `{command} 2>&1` Larry W. Cashdollar @_larry0 
> http://vapid.dhs.org/advisories/thumbshooter-ruby-gem-remoteexec.html

Please
> 
use CVE-2013-1898 for this issue.

> Larry C$

I gotta ask, what's with the name?




- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRUjZxAAoJEBYNRVNeJnmT7UsQAKyyqS2vP8+KTvtM1qIXmJED
lvbyZrMXgiQsj7kn1b8XwpEz8x9oI+h/DJjSrz0DVEZ65HnwQBmmf7ao45ssT265
jnExud8o7N+9MoolmVAEPidCyINno+ZrHl5BKYEmKJCwzDBEB8ij8UpBgX521sG4
5HIRzyZ194jWHlFO7Y0GPkYUDiXjr0cec8DazJherjfnDJTdssUB8WLXu4rjLKFA
BBiDErr3MtbGu2WVoBC07SlyG1aNnhAmkt0Hx2nA+mSo150qQ8MzDQFlrYTS8ls4
sSRP9AhXEKrEFR9WKtHDhi407Xf+6BHCluhQOaKt01Cl6w381wZZNwuWYwHLSBEF
uCSw6FEVjrZM6xTJ3I40D6aRwt5SyN1kaOA/v1IHRVkZrnRoHrGJSnsjeKP5gEKs
lytNnxT5q6VXyR4OpkwWITrstGc02l1y95cGsG9zhtaiDJz2NiWZG28f83pP3JUq
yxm2m2sLqqEd2D8cMtBdbT0F9b9JF+aANneoED460zGqzwLAlasnh6pKFK8kHf/F
TFN1G6gHa19g6VOucjGwqeSpay+cVasveR4GA0tsGx+vTOuZi03gfMrjTulKrqej
925V3l5xpWDWgPINN0Uf002ons+a1DSLMWyH7eXT5f70X+A5Wj03gX84/7zRLyqf
ZZNgKWuPTKdwOoKKHqHC
=7Yra
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ