New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed command Injection #1777

Closed
wants to merge 1 commit into
base: trunk
from

Conversation

3 participants
@drigg3r

drigg3r commented Dec 19, 2017

Command Injection in Hosts::new() by use of Kernel#open

Fixed command Injection
Command Injection in Hosts::new() by use of Kernel#open
@drigg3r

This comment has been minimized.

drigg3r commented Dec 19, 2017

Here is the PoC of command injection

require 'resolv'
a = Resolv::Hosts::new("|echo 1 > /tmp/rce")
a.getaddress("lol")
@nobu

This comment has been minimized.

Member

nobu commented Dec 19, 2017

What situation is that an external input is fed to Resolv::Hosts?

@drigg3r

This comment has been minimized.

drigg3r commented Dec 20, 2017

Well actually kinda never. That is why I made a pr instead of reporting it to the security email.

@matzbot matzbot closed this in e746456 Dec 20, 2017

@philCryoport

This comment has been minimized.

philCryoport commented Jan 29, 2018

@matzbot

There is a CVE with a score of 7.5 against this: https://www.cvedetails.com/cve/CVE-2017-17790/

I don't see a code merge entry for this pull request. Has this CVE been resolved through a separate channel? If so please document by linking to that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment