27th January 2011
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Ruby Mail gem can execute arbitrary shell commands

From http://www.h-online.com/security/new...s-1178088.html

Quote:
The sendmail mechanism of the Ruby mail gem has been found to be vulnerable to crafted email addresses which can inject arbitrary commands to the underlying system. Any application that implements sendmail-based delivery, and which uses the Ruby mail gem 2.2.14 or earlier, is vulnerable. The issue will also affect Ruby on Rails 3.0.x applications which use the sendmail delivery mechanism.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
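The class of bug the quoted report describes, shown as an added example that is not part of the original post and is not the mail gem's own code: a sender address interpolated into a sendmail-style command string, next to two hardened ways of passing it. `echo` stands in for the sendmail binary, and the function names and sample addresses are constructed for illustration.

```ruby
require "open3"
require "shellwords"

# Assumption for this example: `echo` stands in for the sendmail binary, so
# the code only prints the arguments it was started with and mails nothing.
MAILER = "echo"

# Constructed sample addresses (not taken from the advisory).
BENIGN  = "user@example.com"
CRAFTED = "user@example.com; echo INJECTED"

# Runs a command and returns its standard output as an array of lines.
def run_lines(*cmd)
  out, _status = Open3.capture2(*cmd)
  out.lines.map(&:chomp)
end

# Unsafe pattern: the address is pasted into one command string. Ruby hands
# a single string containing shell metacharacters to /bin/sh, so anything
# after ";" in the address runs as a second command.
def deliver_via_shell_string(from)
  run_lines("#{MAILER} -f #{from}")
end

# Hardened: pass an argument vector. No shell is started, so the whole
# address reaches the program as exactly one argument.
def deliver_via_argv(from)
  run_lines(MAILER, "-f", from)
end

# Alternative when a command string cannot be avoided: escape the value
# so the shell treats it as a single word.
def deliver_via_escaped_string(from)
  run_lines("#{MAILER} -f #{Shellwords.escape(from)}")
end

if __FILE__ == $PROGRAM_NAME
  [BENIGN, CRAFTED].each do |addr|
    puts "address: #{addr.inspect}"
    puts "  shell string:   #{deliver_via_shell_string(addr).inspect}"
    puts "  argv:           #{deliver_via_argv(addr).inspect}"
    puts "  escaped string: #{deliver_via_escaped_string(addr).inspect}"
  end
end
```

With the crafted address, the shell-string variant returns two output lines because a second command ran; the other two return the address intact as a single argument.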