RubySec

Providing security resources for the Ruby community

OSVDB-108594 (gnms): gnms Gem for Ruby /lib/cmd_parse.rb ip Variable Shell Metacharacter Handling Remote Command Injection

Published: June 30, 2014

SECURITY IDENTIFIERS

GEM

gnms

PATCHED VERSIONS

None available.

DESCRIPTION

The gnms gem for Ruby contains a flaw in /lib/cmd_parse.rb: shell metacharacters passed via the 'ip' variable are not handled safely, which may allow a remote attacker to inject arbitrary commands.
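Since no patched version is listed, the following added example (not gnms code; the advisory does not show the contents of cmd_parse.rb) illustrates how an `ip` value can be handled defensively in Ruby: validate it as a literal address, then pass it to the external command as its own argument so no shell parses it. The names `validated_ip`, `run_tool`, `ADDRESS_CHARS` and the stand-in command `TOOL` are hypothetical.

```ruby
require "ipaddr"
require "open3"
require "rbconfig"

# Constructed stand-in for an external tool that takes an address argument:
# the running Ruby, printing its first argument. (Assumption: the command
# gnms actually runs is not shown in the advisory.)
TOOL = [RbConfig.ruby, "-e", "puts ARGV.first"].freeze

# Characters that can appear in a literal IPv4/IPv6 address. Anything else
# (spaces, ;, |, &, $, backticks, quotes, newlines, /) is rejected up front.
ADDRESS_CHARS = /\A[0-9A-Fa-f:.]+\z/

# Return the canonical form of a literal IP address or raise ArgumentError.
def validated_ip(input)
  unless input.is_a?(String) && input.match?(ADDRESS_CHARS)
    raise ArgumentError, "not a literal IP address: #{input.inspect}"
  end
  IPAddr.new(input).to_s # IPAddr::InvalidAddressError is an ArgumentError
end

# Run the tool with the address as its own argv element. With several
# arguments, Open3 spawns the program directly and no shell parses the value.
# Contrast: interpolating the value into a single command string (backticks,
# system("tool #{ip}")) hands it to /bin/sh, the bug class described above.
def run_tool(ip)
  out, status = Open3.capture2(*TOOL, validated_ip(ip))
  raise "tool exited with #{status.exitstatus}" unless status.success?
  out
end

if __FILE__ == $PROGRAM_NAME
  puts run_tool("192.0.2.10")            # documentation address, constructed
  begin
    run_tool("192.0.2.10; id")           # constructed metacharacter input
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The allowlist and the argument-vector call are independent layers: either one alone keeps metacharacters away from a shell, and using both covers a mistake in the other.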
