Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 2 Aug 2015 18:27:47 -0700
From: Reed Loden <reed@...dloden.com>
To: oss-security@...ts.openwall.com, 
	Assign a CVE Identifier <cve-assign@...re.org>
Subject: Re: CVE request: Command injection in ruby gem ruby-saml <1.0.0

Any update on a CVE assignment for this?

~reed

On Thu, Jul 9, 2015 at 11:18 AM, Reed Loden <reed@...dloden.com> wrote:

> A follow-up to my previous CVE request. Looked into "Fix xpath injection
> on xml_security.rb" some more.
>
> https://github.com/onelogin/ruby-saml/pull/225#issuecomment-120084288
>
>
> https://github.com/onelogin/ruby-saml/commit/1b4e3dd6d2d44efa629144b2180842456bfb2a0f#diff-661b9d9743a3ff77661f224c6191165cL242
>
> Looks like lack of prepared statements allow for possible command
> injection, leading to arbitrary code execution (via something like eval()).
>
> Related to https://github.com/onelogin/ruby-saml/pull/183 /
> http://osvdb.org/show/osvdb/117903 (which doesn't seem to have a CVE
> assigned either as far as I can tell). Reference for that is
> https://security.dxw.com/advisories/publicly-exploitable-command-injection-in-ruby-saml-0-7-2-library-can-root-the-host/
> .
>
> ~reed
>
>
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ