|
Message-ID: <51523671.2060005@redhat.com> Date: Tue, 26 Mar 2013 17:59:45 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: larry Cashdollar <larry0@...com> Subject: Re: Ruby gem Thumbshooter 0.1.5 remote code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/26/2013 05:23 AM, larry Cashdollar wrote: > Ruby gem Thumbshooter 0.1.5 remote code execution > > 3/25/2013 Generates thumbshots of URLs by using Webkit and QT4. > > https://github.com/digineo/thumbshooter > > Specially crafted URLs can result in remote code execution if the > URL contains shell metacharacters. > > We see that the url is passed directly to the shell in the > following code snippet from > ./thumbshooter-0.1.5/lib/thumbshooter.rb lines: > > 1012 command << "xvfb-run -a --server-args='-screen 0, > #{screen}x24' " 1015 command << "{WEBKIT2PNG} '{url}' {args}" 1017 > img = `{command} 2>&1` Larry W. Cashdollar @_larry0 > http://vapid.dhs.org/advisories/thumbshooter-ruby-gem-remoteexec.html Please > use CVE-2013-1898 for this issue. > Larry C$ I gotta ask, what's with the name? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRUjZxAAoJEBYNRVNeJnmT7UsQAKyyqS2vP8+KTvtM1qIXmJED lvbyZrMXgiQsj7kn1b8XwpEz8x9oI+h/DJjSrz0DVEZ65HnwQBmmf7ao45ssT265 jnExud8o7N+9MoolmVAEPidCyINno+ZrHl5BKYEmKJCwzDBEB8ij8UpBgX521sG4 5HIRzyZ194jWHlFO7Y0GPkYUDiXjr0cec8DazJherjfnDJTdssUB8WLXu4rjLKFA BBiDErr3MtbGu2WVoBC07SlyG1aNnhAmkt0Hx2nA+mSo150qQ8MzDQFlrYTS8ls4 sSRP9AhXEKrEFR9WKtHDhi407Xf+6BHCluhQOaKt01Cl6w381wZZNwuWYwHLSBEF uCSw6FEVjrZM6xTJ3I40D6aRwt5SyN1kaOA/v1IHRVkZrnRoHrGJSnsjeKP5gEKs lytNnxT5q6VXyR4OpkwWITrstGc02l1y95cGsG9zhtaiDJz2NiWZG28f83pP3JUq yxm2m2sLqqEd2D8cMtBdbT0F9b9JF+aANneoED460zGqzwLAlasnh6pKFK8kHf/F TFN1G6gHa19g6VOucjGwqeSpay+cVasveR4GA0tsGx+vTOuZi03gfMrjTulKrqej 925V3l5xpWDWgPINN0Uf002ons+a1DSLMWyH7eXT5f70X+A5Wj03gX84/7zRLyqf ZZNgKWuPTKdwOoKKHqHC =7Yra -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.