Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Added 9 new security checks in version 1.2.0

  • Loading branch information...
commit 7fde5c47cd75ad626932deeb5310d97179ac4710 1 parent 819e563
@thesp0nge authored
Showing with 16 additions and 2 deletions.
  1. +16 −2 KnowledgeBase.md
View
18 KnowledgeBase.md
@@ -1,6 +1,6 @@
# Codesake::Dawn Knowledge base
-The knowledge base library for Codesake::Dawn version 1.1.0 contains 171 security checks.
+The knowledge base library for Codesake::Dawn version 1.2.0 contains 180 security checks.
---
* Simple Form XSS - 20131129: There is a XSS vulnerability on Simple Form's label, hint and error options. When Simple Form creates a label, hint or error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the text of these helpers can be provided by the users, malicious values can be provided and Simple Form will mark it as safe.
* [CVE-2004-0755](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755): The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
@@ -127,6 +127,7 @@ The knowledge base library for Codesake::Dawn version 1.1.0 contains 171 securit
* [CVE-2013-1948](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1948): converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
* [CVE-2013-2065](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2065): Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in tainted objects being accepted as input when a SecurityError exception should be raised.
* [CVE-2013-2090](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2090): Ruby Gem Creme Fraiche version 0.6 suffers from a remote command injection vulnerability due to unsanitized input.
+* [CVE-2013-2105](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2105): The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.
* [CVE-2013-2119](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2119): Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
* [CVE-2013-2512](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2512): ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands
* [CVE-2013-2513](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2513): flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.
@@ -163,11 +164,24 @@ XML documents with carefully crafted entity expansion strings which can cause th
* [CVE-2014-0080](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0080): SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving (backslash) characters that are not properly handled in operations on array columns.
* [CVE-2014-0081](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081): Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
* [CVE-2014-0082](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082): actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
+* [CVE-2014-0130](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130): The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the rails application server.
* [CVE-2014-1233](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1233): The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
* [CVE-2014-1234](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1234): The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
* [CVE-2014-2322](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2322): Arabic Prawn Gem for Ruby contains a flaw in the ib/string_utf_support.rb file. The issue is due to the program failing to sanitize user input. This may allow a remote attacker to inject arbitrary commands.
* [CVE-2014-2525](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525):
* [CVE-2014-2538](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2538): rack-ssl Gem for Ruby contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the program does not validate input passed via error messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
+* [CVE-2014-3482](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482): Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the PostgreSQL adapter for Active Record not properly sanitizing user-supplied input when quoting bitstrings. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
+* [CVE-2014-3483](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483): Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the PostgreSQL adapter for Active Record not properly sanitizing user-supplied input when quoting ranges. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
+* [OSVDB-105971](http://osvdb.org/show/osvdb/105971): sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
+* OSVDB-105971: sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
+* [OSVDB-108569](http://osvdb.org/show/osvdb/108569): backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
+* OSVDB-108569: backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
+* [OSVDB-108570](http://osvdb.org/show/osvdb/108570): backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* OSVDB-108570: backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* [OSVDB-108530](http://osvdb.org/show/osvdb/108530): kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* OSVDB-108530: kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* [OSVDB-108563](http://osvdb.org/show/osvdb/108563): gyazo Gem for Ruby contains a flaw in client.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* OSVDB-108563: gyazo Gem for Ruby contains a flaw in client.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
* Owasp Ror CheatSheet: Command Injection: Ruby offers a function called "eval" which will dynamically build new Ruby code based on Strings. It also has a number of ways to call system commands. While the power of these commands is quite useful, extreme care should be taken when using them in a Rails based application. Usually, its just a bad idea. If need be, a whitelist of possible values should be used and any input should be validated as thoroughly as possible. The Ruby Security Reviewer's Guide has a section on injection and there are a number of OWASP references for it, starting at the top: Command Injection.
* Owasp Ror CheatSheet: Cross Site Request Forgery: Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request.
* Owasp Ror CheatSheet: Session management: By default, Ruby on Rails uses a Cookie based session store. What that means is that unless you change something, the session will not expire on the server. That means that some default applications may be vulnerable to replay attacks. It also means that sensitive information should never be put in the session.
@@ -196,4 +210,4 @@ Setting this to true will essentially strip out any host information.
This check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME
-_Last updated: Tue 01 Apr 08:13:46 CEST 2014_
+_Last updated: Tue 08 Jul 17:59:10 CEST 2014_
Please sign in to comment.
Something went wrong with that request. Please try again.