oss-security - Vulnerability Report for Ruby Gem karo-2.3.8

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Date: Mon,  7 Jul 2014 14:14:36 -0400 (EDT)
From: larry0@...com (Larry W. Cashdollar)
To: <oss-security@...ts.openwall.com>
Subject: Vulnerability Report for Ruby Gem karo-2.3.8

Title: Vulnerability Report for Ruby Gem karo-2.3.8

Author: Larry W. Cashdollar, @_larry0

Date: 06/01/2014

OSVDB: 108573

CVE:Please Assign

Download: http://rubygems.org/gems/karo

Gem Author:  rahul.trikha@...il.com

From: ./karo-2.3.8/lib/karo/db.rb

Line 76 and 95 passes unsanitized user supplied input to the command line.  If this gem is used in the context of a rails application malicious input could lead to remote command injection.

073-      host = "#{@...figuration["user"]}@#{@...figuration["host"]}"
74-      cmd  = "ssh #{host} cat #{server_db_config_file}"
75-
76:      server_db_config_output = `#{cmd}`
79-
--
89-    def drop_and_create_local_database(local_db_config)
90-      command = case local_db_config["adapter"]
91-      when "mysql2"
93-      when "postgresql"
95-          dropdb -h #{local_db_config["host"]} -U #{local_db_config["username"]} --if-exists #{local_db_config["database"]}

Advisory: http://www.vapid.dhs.org/advisories/karo-2.3.8.html

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.