Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Mar 2013 17:59:45 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: larry Cashdollar <larry0@...com>
Subject: Re: Ruby gem Thumbshooter 0.1.5 remote code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/26/2013 05:23 AM, larry Cashdollar wrote:
> Ruby gem Thumbshooter 0.1.5 remote code execution
> 
> 3/25/2013 Generates thumbshots of URLs by using Webkit and QT4.
> 
> https://github.com/digineo/thumbshooter
> 
> Specially crafted URLs can result in remote code execution if the
> URL contains shell metacharacters.
> 
> We see that the url is passed directly to the shell in the
> following code snippet from
> ./thumbshooter-0.1.5/lib/thumbshooter.rb lines:
> 
> 1012 command << "xvfb-run -a --server-args='-screen 0,
> #{screen}x24' " 1015 command << "{WEBKIT2PNG} '{url}' {args}" 1017
> img = `{command} 2>&1` Larry W. Cashdollar @_larry0 
> http://vapid.dhs.org/advisories/thumbshooter-ruby-gem-remoteexec.html

Please
> 
use CVE-2013-1898 for this issue.

> Larry C$

I gotta ask, what's with the name?




- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRUjZxAAoJEBYNRVNeJnmT7UsQAKyyqS2vP8+KTvtM1qIXmJED
lvbyZrMXgiQsj7kn1b8XwpEz8x9oI+h/DJjSrz0DVEZ65HnwQBmmf7ao45ssT265
jnExud8o7N+9MoolmVAEPidCyINno+ZrHl5BKYEmKJCwzDBEB8ij8UpBgX521sG4
5HIRzyZ194jWHlFO7Y0GPkYUDiXjr0cec8DazJherjfnDJTdssUB8WLXu4rjLKFA
BBiDErr3MtbGu2WVoBC07SlyG1aNnhAmkt0Hx2nA+mSo150qQ8MzDQFlrYTS8ls4
sSRP9AhXEKrEFR9WKtHDhi407Xf+6BHCluhQOaKt01Cl6w381wZZNwuWYwHLSBEF
uCSw6FEVjrZM6xTJ3I40D6aRwt5SyN1kaOA/v1IHRVkZrnRoHrGJSnsjeKP5gEKs
lytNnxT5q6VXyR4OpkwWITrstGc02l1y95cGsG9zhtaiDJz2NiWZG28f83pP3JUq
yxm2m2sLqqEd2D8cMtBdbT0F9b9JF+aANneoED460zGqzwLAlasnh6pKFK8kHf/F
TFN1G6gHa19g6VOucjGwqeSpay+cVasveR4GA0tsGx+vTOuZi03gfMrjTulKrqej
925V3l5xpWDWgPINN0Uf002ons+a1DSLMWyH7eXT5f70X+A5Wj03gX84/7zRLyqf
ZZNgKWuPTKdwOoKKHqHC
=7Yra
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.