brbackup Gem for Ruby dbuser Variable Shell Metacharacter Injection Remote Command Execution
Published: July 09, 2014
SECURITY IDENTIFIERS
- OSVDB: OSVDB-108900
- Vendor Advisory: https://www.openwall.com/lists/oss-security/2014/07/10/6
GEM
PATCHED VERSIONS
None available.
DESCRIPTION
The brbackup gem for Ruby contains a flaw: input passed via the 'dbuser' variable is not properly sanitized. This may allow a remote attacker to inject shell metacharacters and execute arbitrary commands.
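The class of flaw described above, shown beside its hardened forms. This is an added example, not code from brbackup, whose source does not appear on this page. It assumes `echo` as a harmless stand-in for the backup command, and the function names, sample value and username policy are hypothetical.

```ruby
require "open3"
require "shellwords"

# Constructed input: a "username" that carries a shell metacharacter.
SAMPLE_DBUSER = "alice; echo INJECTED"

# Unsafe pattern: the value is interpolated into a single command string.
# Ruby passes such a string to /bin/sh when it contains shell metacharacters,
# so the shell parses whatever the value brings with it.
def run_interpolated(dbuser)
  out, _status = Open3.capture2("echo backup --user #{dbuser}")
  out
end

# Hardened: every argument is its own argv element, so no shell is involved
# and the value stays a single literal argument.
def run_argv(dbuser)
  out, _status = Open3.capture2("echo", "backup", "--user", dbuser)
  out
end

# Hardened, for cases where a shell string cannot be avoided: quote the value.
def run_escaped(dbuser)
  out, _status = Open3.capture2("echo backup --user #{Shellwords.escape(dbuser)}")
  out
end

# Defence in depth: allowlist check (assumed policy for account names).
def valid_dbuser?(dbuser)
  dbuser.match?(/\A[A-Za-z0-9_]{1,32}\z/)
end

if __FILE__ == $PROGRAM_NAME
  puts "interpolated: #{run_interpolated(SAMPLE_DBUSER).inspect}"
  puts "argv:         #{run_argv(SAMPLE_DBUSER).inspect}"
  puts "escaped:      #{run_escaped(SAMPLE_DBUSER).inspect}"
  puts "valid?        #{valid_dbuser?(SAMPLE_DBUSER)}"
end
```

When auditing a gem for this pattern, look for backticks, `%x{}`, and single-string `system`, `exec`, `IO.popen` or `Open3` calls that interpolate configuration or request values.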
