Title: Command Injection, Exposing Password Credentials to the Process Table
Author: Larry W. Cashdollar
Date: 2/17/2015
Download: https://rubygems.org/downloads/cloud66-backup-3.0.25.gem
Vulnerability: Various remote command injections: the user-supplied password option is passed unescaped to the shell during execution of the openssl command.

+--------------------[./cloud66-backup-3.0.25/lib/backup/cli/utility.rb]-------------------+
175-        base64   = options[:base64] ? '-base64' : ''
176-        password = options[:password_file].empty? ? '' : "-pass file:#{options[:password_file]}"
177-        salt     = options[:salt] ? '-salt' : ''
178:        %x[openssl aes-256-cbc -d #{base64} #{password} #{salt} -in '#{options[:in]}' -out '#{options[:out]}']
179-      when 'gpg'
180:        %x[gpg -o '#{options[:out]}' -d '#{options[:in]}']
181-      else
182-        puts "Unknown encryptor: #{options[:encryptor]}"
183-        puts "Use either 'openssl' or 'gpg'."
--
222-        puts "If this doesn't work, please issue the following command yourself:\n\n"
223-        puts "  gem install #{options[:install]} -v '#{Backup::Dependency.all[options[:install]][:version]}'\n\n"
224-        puts "Please wait..\n\n"
225:        puts %x[gem install #{options[:install]} -v '#{Backup::Dependency.all[options[:install]][:version]}']
226-      end
227-
228-      if options[:installed]
229:        puts %x[gem list -i -v '#{Backup::Dependency.all[options[:installed]][:version]}' #{options[:installed]}]
230-      end
231-    end
232-
+---------------------------------------------------------------------+
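The following is an added illustration, not code from cloud66-backup: it rebuilds the openssl command string exactly as lines 175-178 do (returned rather than executed, so the unescaped interpolation can be inspected) and places a hardened form next to it that passes an argv array to Open3, so no shell ever parses the user-supplied values. The `options` hash keys mirror the gem's (`:in`, `:out`, `:password_file`, `:base64`, `:salt`); all values used are constructed.

```ruby
require 'open3'
require 'shellwords'

# Mirrors the vulnerable construction from utility.rb lines 175-178. Every
# interpolated value is spliced into a string that %x[...] hands to /bin/sh,
# so ';', '|', '$(...)' or a stray "'" in any option becomes shell syntax.
# The single quotes around -in/-out do not help: a "'" inside the value
# closes them. Returned, not executed, so it can be examined safely.
def vulnerable_openssl_command(options)
  base64   = options[:base64] ? '-base64' : ''
  password = options[:password_file].to_s.empty? ? '' : "-pass file:#{options[:password_file]}"
  salt     = options[:salt] ? '-salt' : ''
  "openssl aes-256-cbc -d #{base64} #{password} #{salt} -in '#{options[:in]}' -out '#{options[:out]}'"
end

# Hardened form: build an argv array. Given as separate arguments to
# Open3.capture2e / system / Process.spawn, Ruby execs openssl directly and
# never invokes a shell, so metacharacters in user input arrive as literal
# bytes inside one argument.
def safe_openssl_argv(options)
  argv = %w[openssl aes-256-cbc -d]
  argv << '-base64' if options[:base64]
  argv += ['-pass', "file:#{options[:password_file]}"] unless options[:password_file].to_s.empty?
  argv << '-salt' if options[:salt]
  argv + ['-in', options[:in].to_s, '-out', options[:out].to_s]
end

# When a single command line is genuinely needed (for example to log it),
# Shellwords.join quotes each element so a shell would see one word per
# argument; Shellwords.split reverses it exactly.
def safe_openssl_shell_string(options)
  Shellwords.join(safe_openssl_argv(options))
end

# Runs the hardened form without a shell. Returns [exit_ok, combined_output].
def decrypt_with_openssl(options)
  out, status = Open3.capture2e(*safe_openssl_argv(options))
  [status.success?, out]
end
```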