Message-ID: <51928DD4.8040407@redhat.com>
Date: Tue, 14 May 2013 13:17:40 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Larry W. Cashdollar" <larry0@...com>
Subject: Re: Remote command Injection in Creme Fraiche 0.6 Ruby Gem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/14/2013 10:59 AM, Larry W. Cashdollar wrote:
> TITLE: *Remote command Injection in Creme Fraiche 0.6 Ruby Gem*
>
> DATE: 5/14/2013
>
> AUTHOR: Larry W. Cashdollar (@_larry0)
>
> DOWNLOAD: http://rubygems.org/gems/cremefraiche,
> http://www.uplawski.eu/technology/cremefraiche/
>
> DESCRIPTION: Converts Email to PDF files.
>
> VENDOR: Notified on 5/13/2013, provided fix 5/14/2013
>
> FIX: In Version 0.6.1
>
> CVE: TBD (please assign?)
>
> DETAILS: The following lines pass unsanitized user input directly
> to the command line.
>
> A malicious email attachment with a file name consisting of shell
> metacharacters could inject commands into the shell.
>
> If the attacker is allowed to specify a filename (via a web gui)
> commands could be injected that way as well.
>
> 218 cmd = "pdftk %s update_info %s output %s" %[pdf, info_file, t_file]
> 219 @log.debug('pdftk-command is ' << cmd)
> 220 pdftk_result = system( cmd)
>
>
> GREETINGS:
> @vladz,@quine,@BrandonTansey,@sushidude,@jkouns,@sub_space and
> @attritionorg
>
> ADVISORY:
> http://vapid.dhs.org/advisories/cremefraiche-cmd-inj.html
>

Please use CVE-2013-2090 for this issue.
- --
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993
A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRko3UAAoJEBYNRVNeJnmTytsP/0o3nhU7ZgjyPX8RXjlpJ/ub
sBgcAAv/Zl+x2jntMqnqlNWGPYIRvGrmAKJqxOk+4zdjjd5C/kL/HoW8msM5M2p+
U2V1irC/+YJ1+CY4Em9jPrfAQhE8KqOSBoqbPy3hG15yo65RIR2Bn4dz3dSZKk8x
R2SDTCiqO9LuP3wAYjwxHEQ8d4H0M8QZ/CwuSGFFKB6GRejZHFVXNYxKoiAxqU2u
T8nh1rbjKAoe0JeJVuNW6rqPtpPrJgT0X7Q6xAzNtoyRYjO6EnQmloWqXiX7YoGA
Vuukjt7wpzAWjYxkLZxGY3zGNJ1QhNm1L5+/bDRUCKLT3/h3HgliDo/OBGP8jQ2x
77+lsp2un6DF5iFmCRncaTURTWN9OBD7nKHZvxVtoPAWRfW4CgUSoKjRt1dT/29h
Bz2b+Xc7/IJo4z7AB8kkseE2gdpjUzot+yEzBvCTKbFOHOhZoMRJ4yfL8QexZ8wK
o2uym+OVX/2vLGZVlMF48m5LJShWxykwNjMSk1uolTyTXGRfsvRiU2MTGAGw51fZ
wWmBtHOfEhMF7D+6tEqTe3T1hi/79l1Iu06X//GS0q0+UO8aUBJGz9oalil6TZDU
tA38nMX1eEU12hJKj22oACAUfaDDTukHA0SSgyCHOmXWkIzwJRXzQo6jI6cBymDs
MdyaHEUbaTVtQlQilqp8
=pHRy
-----END PGP SIGNATURE-----
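Editor's added example, placed after the thread rather than inside either message: it is not code from the cremefraiche gem, from its 0.6.1 fix (which this page does not show), or from the advisory author. It reproduces the shape of the quoted `system(cmd)` call with `echo` standing in for `pdftk` so it runs anywhere, and sets the injectable single-string form beside two shell-safe forms plus a filename check. All function names, and the sample attachment name, are this example's own.

```ruby
# Added example; not code from the cremefraiche gem, from the 0.6.1 fix, or
# from the advisory author. `echo` stands in for `pdftk` so the demonstration
# runs offline; every function name here is the example's own.
require 'open3'
require 'shellwords'

# Injectable shape, as on the quoted line 218: one string, so Kernel#system
# (and Open3 below) hand it to /bin/sh, which interprets ';', '|', '`', '$()'
# and friends wherever they appear, including inside a filename.
def vulnerable_cmd(tool, pdf, info_file, out_file)
  "%s %s update_info %s output %s" % [tool, pdf, info_file, out_file]
end

# Shell-safe shape: an argv array. With several arguments Ruby execs the
# program directly; each element is exactly one argument and no shell runs.
def safe_argv(tool, pdf, info_file, out_file)
  [tool, pdf, 'update_info', info_file, 'output', out_file]
end

# If a single command string is unavoidable, quote every argument for sh
# instead of interpolating it raw.
def escaped_cmd(argv)
  Shellwords.join(argv)
end

# Defence in depth for attacker-supplied attachment names: accept only a plain
# basename from a conservative character set. This also rejects names that
# start with '-' (which the tool might parse as an option) and any path
# separator (traversal).
def safe_filename?(name)
  name.is_a?(String) &&
    !name.empty? &&
    name == File.basename(name) &&
    name !~ /\A-/ &&
    name !~ /[^A-Za-z0-9._ -]/
end

# Execute a command string. Because it contains metacharacters Ruby routes it
# through /bin/sh. Returns what the stand-in tool printed.
def run_string(cmd)
  out, _status = Open3.capture2(cmd)
  out
end

# Execute an argv array: direct exec, no shell.
def run_argv(argv)
  out, _status = Open3.capture2(*argv)
  out
end

# Constructed malicious attachment name: the ';' ends the echo command and
# starts a second one, which is where a real attacker would do the damage.
EVIL_NAME = 'report.pdf; echo INJECTED'

# Returns the stand-in tool's output under each calling convention.
def demo
  args = [EVIL_NAME, 'info.txt', 'out.pdf']
  {
    vulnerable: run_string(vulnerable_cmd('echo', *args)),
    argv:       run_argv(safe_argv('echo', *args)),
    escaped:    run_string(escaped_cmd(safe_argv('echo', *args)))
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |form, output| puts "#{form}:\n#{output}" }
  puts "safe_filename?(#{EVIL_NAME.inspect}) => #{safe_filename?(EVIL_NAME)}"
end
```

In the vulnerable form the shell splits the command at the `;` and runs `echo INJECTED ...` as a second command; in the argv and `Shellwords.join` forms the whole attachment name reaches the tool as one literal argument. The argv form is the one to prefer: it removes the shell from the picture entirely, whereas quoting only works if every interpolated value is escaped. The filename check is an extra layer for names that come straight from a MIME header or a web form, not a substitute for the argv form.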