OSVDB-108570 (backup_checksum): backup_checksum Gem for Ruby /lib/backup/cli/utility.rb Metacharacter Handling Remote Command Execution

backup_checksum Gem for Ruby /lib/backup/cli/utility.rb Metacharacter Handling Remote Command Execution

Published: June 30, 2014

SECURITY IDENTIFIERS

OSVDB: OSVDB-108570
Vendor Advisory: https://www.openwall.com/lists/oss-security/2014/07/07/12

GEM

backup_checksum

PATCHED VERSIONS

None available.

DESCRIPTION

backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.

https://www.openwall.com/lists/oss-security/2014/07/07/12
https://my.diffend.io/gems/backup_checksum/3.0.23
https://github.com/backup/backup
http://osvdb.org/show/osvdb/108570

RubySec

OSVDB-108570 (backup_checksum): backup_checksum Gem for Ruby /lib/backup/cli/utility.rb Metacharacter Handling Remote Command Execution

backup_checksum Gem for Ruby /lib/backup/cli/utility.rb Metacharacter Handling Remote Command Execution

SECURITY IDENTIFIERS

GEM

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories