| Title: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2014-06-01 |
| CVE-ID:[CVE-2014-4991] |
| CWE: |
| Download Site: http://rubygems.org/gems/codders-dataset |
| Vendor: octomonkey.org.uk |
| Vendor Notified: 2014-06-25 |
| Vendor Contact: codders[at]octomonkey.org.uk |
| Advisory: http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html |
| Description: A simple API for creating and finding sets of data in your database, built on ActiveRecord. |
| Vulnerability: From: ./codders-dataset-1.3.2.1/lib/dataset/database/mysql.rb
Lines 18 and 24 expose the password to the process table, and are vulnerable to command injection if used in the context of a rails application. The #{@username} and #{@password} variables aren't properly sanitized before being passed to the command line.
015-
16- def capture(datasets)
17- return if datasets.nil? || datasets.empty?
18: `mysqldump -u {@username} --password={@password} --compact --extended-insert --no-create-db --add-drop-table --quick --quote-names #{@database} > #{storage_path(datasets)}`
19- end
20-
21- def restore(datasets)
22- store = storage_path(datasets)
23- if File.file?(store)
24: `mysql -u {@username} --password={@password} --database=#{@database} < #{store}`
25- true
26- end
27- end
|
| Export: JSON TEXT XML |
| Exploit Code: |
| Screen Shots: |
Notes: 108583 |
Larry W. Cashdollar
Larry Cashdollar
Larry W. Cashdollar vulnerability
Larry Cashdollar advisory