Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Ruby gem Thumbshooter 0.1.5 remote code execution
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 26 Mar 2013 17:59:45 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/26/2013 05:23 AM, larry Cashdollar wrote:
Ruby gem Thumbshooter 0.1.5 remote code execution

3/25/2013 Generates thumbshots of URLs by using Webkit and QT4.

https://github.com/digineo/thumbshooter

Specially crafted URLs can result in remote code execution if the
URL contains shell metacharacters.

We see that the url is passed directly to the shell in the
following code snippet from
./thumbshooter-0.1.5/lib/thumbshooter.rb lines:

1012 command << "xvfb-run -a --server-args='-screen 0,
#{screen}x24' " 1015 command << "{WEBKIT2PNG} '{url}' {args}" 1017
img = `{command} 2>&1` Larry W. Cashdollar @_larry0 
http://vapid.dhs.org/advisories/thumbshooter-ruby-gem-remoteexec.html

Please

use CVE-2013-1898 for this issue.

Larry C$

I gotta ask, what's with the name?




- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRUjZxAAoJEBYNRVNeJnmT7UsQAKyyqS2vP8+KTvtM1qIXmJED
lvbyZrMXgiQsj7kn1b8XwpEz8x9oI+h/DJjSrz0DVEZ65HnwQBmmf7ao45ssT265
jnExud8o7N+9MoolmVAEPidCyINno+ZrHl5BKYEmKJCwzDBEB8ij8UpBgX521sG4
5HIRzyZ194jWHlFO7Y0GPkYUDiXjr0cec8DazJherjfnDJTdssUB8WLXu4rjLKFA
BBiDErr3MtbGu2WVoBC07SlyG1aNnhAmkt0Hx2nA+mSo150qQ8MzDQFlrYTS8ls4
sSRP9AhXEKrEFR9WKtHDhi407Xf+6BHCluhQOaKt01Cl6w381wZZNwuWYwHLSBEF
uCSw6FEVjrZM6xTJ3I40D6aRwt5SyN1kaOA/v1IHRVkZrnRoHrGJSnsjeKP5gEKs
lytNnxT5q6VXyR4OpkwWITrstGc02l1y95cGsG9zhtaiDJz2NiWZG28f83pP3JUq
yxm2m2sLqqEd2D8cMtBdbT0F9b9JF+aANneoED460zGqzwLAlasnh6pKFK8kHf/F
TFN1G6gHa19g6VOucjGwqeSpay+cVasveR4GA0tsGx+vTOuZi03gfMrjTulKrqej
925V3l5xpWDWgPINN0Uf002ons+a1DSLMWyH7eXT5f70X+A5Wj03gX84/7zRLyqf
ZZNgKWuPTKdwOoKKHqHC
=7Yra
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]