Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem
From: cve-assign () mitre org
Date: Sun, 1 Sep 2013 12:25:17 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem
Download: https://rubygems.org/gems/fog-dragonfly

"Dragonfly is an on-the-fly Rack-based image handling framework. It is
suitable for use with Rails, Sinatra and other web frameworks.

Unescaped user supplied input is passed to the command line for shell
execution

fog-dragonfly-0.8.2/lib/dragonfly/imagemagickutils.rb:

20     def convert(tempobject, args='', format=nil)
21       tempfile = newtempfile(format)
22       run "#{convertcommand} #{args} #{tempobject.path} #{tempfile.path}"
23       tempfile
24     end


61     def run(command)
62       log.debug("Running command: #{command}") if ImageMagickUtils.log_commands
63       begin
64         result = #{command}

Use CVE-2013-5671 for this vulnerability in the fog-dragonfly gem. As
far as we can tell, this is a vulnerability in the fog-dragonfly gem,
not a vulnerability in Dragonfly. We found these possibly related
fixes in Dragonfly:

  
https://github.com/markevans/dragonfly/commit/ff141bb1d921fff506084b62a562f7a83d5e01fe#lib/dragonfly/image_magick/utils.rb

  https://github.com/markevans/dragonfly/commit/47f95bd6b8af11fb0a44d6ab1c6f7d00d880cb68

If the unpatched Dragonfly code has a vulnerability in a common use
case, this would require a separate CVE ID.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSI2XoAAoJEGvefgSNfHMdv0oH/j0G7m0PMSwn1FvIcVpR39EP
yKTuTfa9I5MSr2DXejQQ+5lhJN7eTJwjOTPETpGOu0BkDgMkRvcuw81PqgVwkWXc
bT8DfNM/cO4vM3UjTJiTKYinVRMl3xsjGVzkwxV0E1mYhjbjrKGNUMgzjNPsSnja
eNYC26v2UDLn3Jw8K7qXTk+ytgFqOE+MiA/KDXBvm6fB1SBOoeeaMGU7NNdCw8A9
95TdYNzYE3JL7V0zz/5oidqkg0hlznK21KR01hUJK0s/U60rdzgA/73O+g8XSP4q
vyqN0ykgSDodfAt6JsONR/5wzaXTmc25ZXaB3wMGG9yUxFZiORzVGSsWJ7mlad0=
=SUlN
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault