CVE-2019-15224 PoC — rest-client gem for Ruby 代码注入漏洞

Source

https://github.com/chef-cft/inspec_cve_2019_15224

Associated Vulnerability

Title:rest-client gem for Ruby 代码注入漏洞 (CVE-2019-15224)
Description:The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.

Description

Example InSpec profile to detect presence of a malicious rest-client gem (CVE-2019-15224)

Readme

# a malicious rest-client gem

On August 19, 2019, it was discovered that the `rest-client` gem had had [several versions published containing malicious code](https://github.com/rest-client/rest-client/issues/713). In discovering the malicious `rest-client`, several other new gems were determined to be carrying similar code.

Coverage:

+ https://www.securityweek.com/backdoor-found-rest-client-ruby-gem
+ https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
+ https://www.macobserver.com/news/ruby-11-backdoors/

This repo is an example of how one could use InSpec to create controls to audit hosts for the presence of malicious versions of `rest-client` and for the other gems discovered during the investigation. The checks require a scan of entire filesystem directory structures. Because this is a slow process, it is recommended that these controls should not be added to continuous system checks.

File Snapshot


 [4.0K]  /data/pocs/6657de496933506792bdf926c2e46274f97f5c81
├── [4.0K]  controls
│   └── [2.3K]  cve-2019-15224.rb
├── [4.0K]  habitat
│   └── [ 155]  plan.sh
├── [ 329]  inspec.yml
├── [4.0K]  libraries
└── [ 911]  README.md

3 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!