Title: Vulnerability Report for Ruby Gem backup-agoddard-3.0.28
Author: Larry W. Cashdollar, @_larry0
Date: 06/01/2014
Download: http://rubygems.org/gems/backup-agoddard
Gem Author: anthony@anthonygoddard.com
From: ./backup-agoddard-3.0.28/lib/backup/cli/utility.rb
Lines 178 and 180 expose the password to the process table. They are also remote command injection points if this gem is used in the context of a Rails application, because the user input is not sanitized before it is interpolated into the shell command string.
175-          base64   = options[:base64] ? '-base64' : ''
176-          password = options[:password_file].empty? ? '' : "-pass file:#{options[:password_file]}"
177-          salt     = options[:salt] ? '-salt' : ''
178:          %x[openssl aes-256-cbc -d #{base64} #{password} #{salt} -in #{options[:in]} -out #{options[:out]}]
179-        when 'gpg'
180:          %x[gpg -o #{options[:out]} -d #{options[:in]}]
181-        else
182-          puts "Unknown encryptor: #{options[:encryptor]}"
183-          puts "Use either 'openssl' or 'gpg'."
--
224- puts "Please wait..\n\n"
226- end
227-
228- if options[:installed]
230- end
231- end
232-
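The fix a maintainer would apply to the openssl branch above is to stop handing a single interpolated string to the shell and instead pass each option as its own argv element. The following is an added example, not code from the backup-agoddard gem; the option hash shape mirrors the advisory's snippet, and the sample input values are constructed:

```ruby
require 'open3'
require 'shellwords'

# Unsafe shape from the advisory: one string that a shell will parse,
# so metacharacters in options[:in] / options[:out] become commands.
def unsafe_openssl_command(options)
  base64   = options[:base64] ? '-base64' : ''
  password = options[:password_file].to_s.empty? ? '' : "-pass file:#{options[:password_file]}"
  salt     = options[:salt] ? '-salt' : ''
  "openssl aes-256-cbc -d #{base64} #{password} #{salt} -in #{options[:in]} -out #{options[:out]}"
end

# Hardened shape: every user-controlled value is a separate argv element,
# so ';', '$(...)' or spaces in a path reach openssl as plain data.
def safe_openssl_argv(options)
  argv = %w[openssl aes-256-cbc -d]
  argv << '-base64' if options[:base64]
  argv << '-salt'   if options[:salt]
  unless options[:password_file].to_s.empty?
    # Only the key file path appears in the argument list, never the passphrase itself.
    argv += ['-pass', "file:#{options[:password_file]}"]
  end
  argv += ['-in', options[:in].to_s, '-out', options[:out].to_s]
  argv
end

# Open3 with several arguments execs the program directly (no shell),
# which is what makes the argv form safe to run.
def run_argv(argv)
  out, status = Open3.capture2e(*argv)
  [status.success?, out]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: a filename carrying a shell metacharacter.
  opts = { base64: true, salt: true, password_file: '/tmp/key.txt',
           in: 'archive.enc; echo injected', out: 'archive.tar' }
  puts unsafe_openssl_command(opts)              # the shell would run "echo injected"
  puts Shellwords.join(safe_openssl_argv(opts))  # same values, each one quoted as data
end
```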