Date: Mon,  7 Jul 2014 14:13:38 -0400 (EDT)
From: larry0@...com (Larry W. Cashdollar)
To: <oss-security@...ts.openwall.com>
Subject: Vulnerability Report for Ruby Gem cap-strap-0.1.5

Title: Vulnerability Report for Ruby Gem cap-strap-0.1.5

Author: Larry W. Cashdollar, @_larry0

Date: 06/01/2014

OSVDB: 108575

CVE: Please Assign

Download: http://rubygems.org/gems/cap-strap

Gem Author: aaronjensen@...il.com

From: ./cap-strap-0.1.5/lib/cap-strap/helpers.rb

User-supplied input isn't properly sanitized for #{user} and #{password}. This can lead to command injection if this gem is used in the context of a Rails application.

Secondly, the password is exposed in the process table listing. The password crypt hash is also going to have the same 'sa' salt every time.

def create_user(user, password)
  unless user_exists?(user)
    # user is interpolated unescaped into a string that is handed to a shell
    command = "useradd -s /bin/bash -d /home/#{user}"
    # password lands on the useradd command line (visible in ps) and is
    # hashed by perl's crypt() with the fixed two-character salt "sa"
    command << " -p `perl -e print crypt(#{password}, salt)`" unless password.empty?
    command << " -m #{user}"
    run "#{sudo} #{command}"
  end
end
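The following is an added example, not code from cap-strap or its author, showing how the two problems in the function above are typically avoided: arguments are passed as an argv array so no shell ever parses the user name, the user name is validated against a conservative account-name pattern, and the password is handed to chpasswd on stdin instead of the command line, so it never appears in the process table and chpasswd hashes it with a fresh random salt. The `runner:` parameter, the `USERNAME_RE` pattern and the helper names are assumptions made for this example; `run_argv` uses Open3 rather than Capistrano's `run`.

```ruby
require 'shellwords'
require 'open3'

# Constructed example (not cap-strap's own code). Account names are limited
# to the conservative form useradd itself accepts, which rules out every
# shell metacharacter before any command is built.
USERNAME_RE = /\A[a-z_][a-z0-9_-]{0,31}\z/

def valid_username?(user)
  user.is_a?(String) && USERNAME_RE.match?(user)
end

# argv for the account-creation step. No shell is involved, so "/home/#{user}"
# is a single argument even if the name were hostile; invalid names are
# rejected outright with ArgumentError.
def useradd_argv(user, sudo: 'sudo')
  raise ArgumentError, "invalid user name: #{user.inspect}" unless valid_username?(user)
  [sudo, 'useradd', '-s', '/bin/bash', '-d', "/home/#{user}", '-m', user]
end

# argv for the password step: the password is deliberately absent here, it is
# written to chpasswd's stdin instead.
def chpasswd_argv(sudo: 'sudo')
  [sudo, 'chpasswd']
end

# Default runner: execute argv directly via Open3 (no /bin/sh in between).
def run_argv(argv, stdin_data: nil)
  out, status = Open3.capture2(*argv, stdin_data: stdin_data)
  raise "#{argv.first(2).join(' ')} failed: #{status}" unless status.success?
  out
end

# Hardened counterpart of the advisory's create_user. `runner` is injectable
# (assumed parameter) so the flow can be exercised without root privileges.
def create_user(user, password, runner: method(:run_argv))
  runner.call(useradd_argv(user))
  # chpasswd reads "name:password\n" lines and applies the system's default
  # hashing method with a random salt, so no fixed 'sa' salt and nothing in ps.
  runner.call(chpasswd_argv, stdin_data: "#{user}:#{password}\n") unless password.empty?
end

# For logging only: Shellwords.join quotes each element, so a hostile value
# is displayed as one argument rather than re-parsed as shell syntax.
def render_for_log(argv)
  Shellwords.join(argv)
end

if __FILE__ == $PROGRAM_NAME
  # Dry run with a recording runner instead of real useradd/chpasswd.
  calls = []
  recorder = ->(argv, stdin_data: nil) { calls << [argv, stdin_data]; '' }
  create_user('alice', 's3cret', runner: recorder)
  calls.each do |argv, stdin|
    puts render_for_log(argv) + (stdin ? '  (password on stdin, not shown)' : '')
  end
  begin
    useradd_argv('bob;id')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Running the file prints the two argv lines that would be executed and shows that a name containing a shell metacharacter is rejected before any command exists; with the default runner the same calls run the real commands under sudo.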


Advisory: http://www.vapid.dhs.org/advisories/cap-strap-0.1.5.html