Date: Mon,  7 Jul 2014 14:13:41 -0400 (EDT)
From: (Larry W. Cashdollar)
Subject: Vulnerability Report for Ruby Gem codders-dataset-

Title: Vulnerability Report for Ruby Gem codders-dataset-

Author: Larry W. Cashdollar, @_larry0

Date: 06/01/2014

OSVDB: 108583

CVE: Please Assign


Gem Author:

From: ./codders-dataset-

Lines 18 and 24 expose the password to the process table, and are vulnerable to command injection if used in the context of a Rails application.  The #{@...rname} and #{@...sword} variables aren't properly sanitized before being passed to the command line.

16-      def capture(datasets)
17-        return if datasets.nil? || datasets.empty?
18:        `mysqldump -u #{@...rname} --password=#{@...sword} --compact --extended-insert --no-create-db --add-drop-table --quick --quote-names #{@...abase} > #{storage_path(datasets)}`
19-      end
21-      def restore(datasets)
22-        store = storage_path(datasets)
23-        if File.file?(store)
24:          `mysql -u #{@...rname} --password=#{@...sword} --database=#{@...abase} < #{store}`
25-          true
26-        end
27-      end
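As an added example (not from the advisory or the codders-dataset gem), the same two calls rebuilt in Ruby so that no interpolated value is ever parsed by a shell and the password is read from a mode-0600 option file instead of appearing in argv. Assumed: the MySQL client's --defaults-extra-file option, and a deliberately narrow allow-list for the user and database names.

```ruby
require "tempfile"

# Conservative allow-list for identifiers that become argv entries (an
# assumption for this example; the gem's real names may be broader).
def checked_name(value)
  raise ArgumentError, "unsafe identifier: #{value.inspect}" unless value.match?(/\A[A-Za-z0-9_]+\z/)
  value
end

# Write a MySQL option file holding the password, mode 0600, and yield its
# path; the client reads it via --defaults-extra-file, so the password never
# shows up as a command-line argument in `ps`.
def with_password_file(password)
  raise ArgumentError, "newline in password" if password.include?("\n")
  f = Tempfile.new("my-cnf")
  f.chmod(0o600)
  f.write("[client]\npassword=#{password}\n")
  f.flush
  yield f.path
ensure
  f.close! if f
end

# argv for the capture step: one array element per argument, so a username
# like "alice; id" is passed literally rather than parsed by /bin/sh.
# --defaults-extra-file has to be the first option for the MySQL client.
def dump_argv(defaults_file, username, database)
  ["mysqldump", "--defaults-extra-file=#{defaults_file}",
   "-u", checked_name(username), "--compact", "--extended-insert",
   "--no-create-db", "--add-drop-table", "--quick", "--quote-names",
   checked_name(database)]
end

# argv for the restore step.
def restore_argv(defaults_file, username, database)
  ["mysql", "--defaults-extra-file=#{defaults_file}",
   "-u", checked_name(username), "--database=#{checked_name(database)}"]
end

# Run argv without a shell; stdout goes to out_path through a spawn
# redirection (replacing the backtick "> path"). True on exit status 0.
def run_capture(argv, out_path)
  system(*argv, out: [out_path, "w", 0o600]) == true
end

# Run argv without a shell, feeding the dump file on stdin (replaces "< store").
def run_restore(argv, store)
  return false unless File.file?(store)
  system(*argv, in: store) == true
end
```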

