![]() |
|
Message-Id: <20140707181500.77CFB1A41139@me.com> Date: Mon, 7 Jul 2014 14:15:00 -0400 (EDT) From: larry0@...com (Larry W. Cashdollar) To: <oss-security@...ts.openwall.com> Subject: Vulnerability Report for Ruby Gem ciborg-3.0.0 Title: Vulnerability Report for Ruby Gem ciborg-3.0.0 Author: Larry W. Cashdollar, @_larry0 Date: 06/01/2014 OSVDB: 108586 CVE:Please Assign Download: http://rubygems.org/gems/ciborg Gem Author: commoncode@...otallabs.com From: ./ciborg-3.0.0/chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb There is a /tmp file race condition when creating /tmp/perlbrew-installer if a malicious local user creates the file first they can overwrite the contents with their own code executing it as the ciborg process owner. 014: curl -s https://raw.github.com/gugod/App-perlbrew/master/perlbrew-install -o /tmp/perlbrew-installer 15: chmod +x /tmp/perlbrew-installer 16: /tmp/perlbrew-installer Advisory: http://www.vapid.dhs.org/advisories/ciborg-3.0.0.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.