Project

General

Profile

Actions

Bug #14205

closed

Unsanitizied filename leads to command injection in 'resolv.rb'

Added by drigg3r (Jasraj Bedi) about 7 years ago. Updated about 7 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:84347]

Description

Here is the pull request
https://github.com/ruby/ruby/pull/1777

Updated by drigg3r (Jasraj Bedi) about 7 years ago

  • Subject changed from Unsanitizied filename leads to command injection in 'resolv' to Unsanitizied filename leads to command injection in 'resolv.rb'

PoC Concept Code

require 'resolv'
a = Resolv::Hosts::new("|echo 1 > /tmp/rce")
a.getaddress("test")
Actions #2

Updated by nobu (Nobuyoshi Nakada) about 7 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r61349.


Fixed command Injection

  • resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential
    command Injection in Hosts::new() by use of Kernel#open.
    [Fix GH-1777] [ruby-core:84347] [Bug #14205]

From: Drigg3r

Actions

Also available in: Atom PDF

Like0
Like0Like0