DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 27th January 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,154
Thanked 182 Times in 149 Posts
Default Ruby Mail gem can execute arbitrary shell commands

From http://www.h-online.com/security/new...s-1178088.html

Quote:
The sendmail mechanism of the Ruby mail gem has been found to be vulnerable to crafted email addresses which can inject arbitrary commands to the underlying system. Any application that implements sendmail-based delivery, and which uses the Ruby mail gem 2.2.14 or earlier, is vulnerable.The issue will also affect Ruby on Rails 3.0.x applications which use the sendmail delivery mechanism.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Writing a simple script to edit text files and execute commands guitarscn Programming 11 24th August 2010 09:21 PM
execute commands from xinitrc rex FreeBSD General 3 22nd October 2008 10:24 PM
Execute a command during login rex FreeBSD General 4 12th September 2008 08:09 PM
ruby execute commands remotely Dr_Death_UAE Programming 0 18th August 2008 11:23 AM
Cron won't execute a perl script ivanatora FreeBSD General 4 17th August 2008 07:53 AM


All times are GMT. The time now is 09:57 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick