
List:       oss-security
Subject:    [oss-security] Re: Command Injection in Ruby Gem Sounder 1.0.1
From:       cve-assign () mitre ! org
Date:       2013-08-29 3:13:25
Message-ID: 201308290313.r7T3DPQf020100 () linus ! mitre ! org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Download: https://rubygems.org/gems/sounder
> 
> lib/sounder/sound.rb:
> 
>     def play
>       system %{/usr/bin/afplay "#{@...e}" &}
> 
> @file = "\"id;/usr/bin/id>/tmp/p;\""
> system %{/bin/echo "#{@...e}" }
> 
> Advisory:  http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html

Use CVE-2013-5647.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
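
The pattern in the quoted report, next to a shell-free form, as an added example (not code from the gem, the advisory, or this message). As in the report, /bin/echo stands in for /usr/bin/afplay; the function names, the `player:` parameter and the MARKER input are constructed for illustration.

```ruby
require "open3"

# Constructed sample input: closes the double quote, then adds a harmless command.
SAMPLE = %q{"; echo MARKER; echo "}

# Pattern from the quoted report: the value is interpolated into one string,
# so Ruby hands the whole line to /bin/sh, which parses the metacharacters.
def echo_via_shell(file)
  out, = Open3.capture2(%{/bin/echo "#{file}"})
  out
end

# Shell-free form: program and argument are separate parameters, so no shell
# is started and the value reaches the program as a single literal argument.
def echo_via_argv(file)
  out, = Open3.capture2("/bin/echo", file)
  out
end

# Background playback without a shell, replacing the trailing `&`.
# `player` is a parameter only so the example runs on hosts without afplay.
# Returns the waiter thread; its value is the child's Process::Status.
def play_detached(file, player: "/usr/bin/afplay")
  pid = Process.spawn(player, file, out: File::NULL, err: File::NULL)
  Process.detach(pid)
end

if __FILE__ == $PROGRAM_NAME
  puts "shell: #{echo_via_shell(SAMPLE).inspect}"
  puts "argv:  #{echo_via_argv(SAMPLE).inspect}"
end
```

The same multi-argument rule applies to `Kernel#system`: `system(player, file)` bypasses the shell, while `system("#{player} \"#{file}\"")` does not.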