Title: Vulnerability Report for Ruby Gem backup-agoddard-3.0.28 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2014-06-01 |
CVE-ID:[CVE-2014-4993] |
CWE: |
Download Site: http://rubygems.org/gems/backup-agoddard |
Vendor: ]anthonygoddard.com |
Vendor Notified: 2014-06-25 |
Vendor Contact: anthony[at]anthonygoddard.com |
Advisory: http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html |
Description: Backup is a RubyGem, written for UNIX-like operating systems, that allows you to easily perform backup operations on both your remote and local environments. It provides you with an elegant DSL in Ruby for modeling your backups. Backup has built-in support for various databases, storage protocols/services, syncers, compressors, encryptors and notifiers which you can mix and match. It was built with modularity, extensibility and simplicity in mind. |
Vulnerability: From: ./backup-agoddard-3.0.28/lib/backup/cli/utility.rb
Lines 178 and 180 exposed the password to the process table, they are also remote command injection points if this gem is used in the context of a rails application as the user input isn't properly sanitized.
0175- base64 = options[:base64] ? -base64 :
176- password = options[:password_file].empty? ? : "-pass file:#{options[:password_file]}"
177- salt = options[:salt] ? -salt :
178: %x[openssl aes-256-cbc -d #{base64} #{password} #{salt} -in #{options[:in]} -out #{options[:out]}]
179- when gpg
180: %x[gpg -o #{options[:out]} -d #{options[:in]}]
181- else
182- puts "Unknown encryptor: #{options[:encryptor]}"
183- puts "Use either openssl or gpg."
--
224- puts "Please wait..\n\n"
226- end
227-
228- if options[:installed]
230- end
231- end
232- |
Export: JSON TEXT XML |
Exploit Code: |
Screen Shots: |
Notes: 108578 |
Larry W. Cashdollar
Larry Cashdollar
Larry W. Cashdollar vulnerability
Larry Cashdollar advisory