List: oss-security
Subject: [oss-security] Re: Command Injection in Ruby Gem Sounder 1.0.1
From: cve-assign () mitre ! org
Date: 2013-08-29 3:13:25
Message-ID: 201308290313.r7T3DPQf020100 () linus ! mitre ! org
> Download: https://rubygems.org/gems/sounder
>
> lib/sounder/sound.rb:
>
> def play
> system %{/usr/bin/afplay "#{@...e}" &}
>
> @file = "\"id;/usr/bin/id>/tmp/p;\""
> system %{/bin/echo "#{@...e}" }
>
> Advisory: http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html
Use CVE-2013-5647.
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
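Added example, not part of the original message or the gem's code: the quoted `system %{...}` pattern next to forms that keep the value out of shell parsing, using `/bin/echo` as the quoted report does. `HOSTILE_NAME`, the three `echo_via_*` helpers and `play_safely` are hypothetical names, and the sample value is constructed so that the injected command only echoes a marker.

```ruby
require "open3"
require "shellwords"

# Constructed sample input: a "file name" carrying shell metacharacters.
# The injected command only echoes a marker so the effect is observable.
HOSTILE_NAME = %q{x"; echo INJECTED; echo "}

# Pattern from the quoted report: the value is interpolated into a single
# command string, so /bin/sh parses it and the quotes in the value close
# the quoting that the template opened.
def echo_via_shell(name)
  out, _status = Open3.capture2(%{/bin/echo "#{name}"})
  out
end

# Hardened form: program and argument are separate argv entries. No shell
# runs, so the value reaches the program byte for byte.
def echo_via_argv(name)
  out, _status = Open3.capture2("/bin/echo", name)
  out
end

# Fallback when a shell string cannot be avoided: escape the value first.
def echo_via_escaped_shell(name)
  out, _status = Open3.capture2("/bin/echo #{Shellwords.escape(name)}")
  out
end

# Hypothetical replacement for the quoted play method (an assumption, not
# the gem's actual fix): spawn with an argv list and detach, which keeps
# the background behaviour of the trailing "&" without invoking a shell.
def play_safely(file)
  pid = Process.spawn("/usr/bin/afplay", file)
  Process.detach(pid)
end

if __FILE__ == $PROGRAM_NAME
  puts "shell string : #{echo_via_shell(HOSTILE_NAME).inspect}"
  puts "argv list    : #{echo_via_argv(HOSTILE_NAME).inspect}"
  puts "escaped shell: #{echo_via_escaped_shell(HOSTILE_NAME).inspect}"
end
```
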