Date: Thu, 30 Jan 2014 13:22:26 -0500
From: "Larry W. Cashdollar" <larry0@...com>
To: oss-security@...ts.openwall.com
Subject: echor 0.1.6 Ruby Gem exposes login credentials

Title: echor 0.1.6 Ruby Gem exposes login credentials

Date: 1/14/2014

CVE: Please assign one.

Author: Larry W. Cashdollar, @_larry0

Download: http://rubygems.org/gems/echor

Description: Echo ruby wrapper

Vulnerability
in file echor-0.1.6/lib/echor/backplane.rb:
The function perform_request passes both sensitive data (the backplane credentials) and unsanitized user input to the shell. If this gem is used in a Rails application, a user could get remote command injection simply by putting a semicolon in their username or password. At a minimum, a local user can steal the login credentials just by watching the process table on the system.

    def perform_request(data)
      JSON.parse(`curl -u #{Echo.backplane_user}:#{Echo.backplane_password} --data-binary '#{data}' #{@...nnel}`)
    end
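A hardened replacement, added here as an example and not the gem's own code, that removes both problems at once: it uses Net::HTTP instead of a backtick shell command, so user data is never parsed as shell syntax, and the credentials travel in the Authorization header rather than on a command line that any local user can read from the process table. The module name, the explicit channel URL argument and the JSON content type are assumptions.

```ruby
require "json"
require "net/http"
require "uri"

# Assumed module name; stands in for Echo's backplane code in this example.
module HardenedBackplane
  # Build the request without ever touching a shell. The credentials end up
  # in an HTTP header inside this process, not in argv, so `ps` cannot see them.
  # The body is sent as bytes, never interpolated into a command string, so a
  # ';' or quote in user-controlled data is just data.
  def self.build_request(channel_url, user, password, data)
    uri = URI.parse(channel_url)
    req = Net::HTTP::Post.new(uri)
    req.basic_auth(user, password)          # same semantics as `curl -u user:pass`
    req["Content-Type"] = "application/json" # assumption: backplane expects JSON
    req.body = data                          # same semantics as `--data-binary`
    [uri, req]
  end

  # Drop-in for the original perform_request (channel URL passed explicitly here).
  def self.perform_request(channel_url, user, password, data)
    uri, req = build_request(channel_url, user, password, data)
    res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
      http.request(req)
    end
    JSON.parse(res.body)
  end
end
```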

Vendor: Not notified; I don't think this Gem is maintained anymore.

Advisory: http://www.vapid.dhs.org/advisories/echor-expose-login-creds.html
