Ruby Mail gem can execute arbitrary shell commands
From http://www.h-online.com/security/new...s-1178088.html
Quote:
The sendmail mechanism of the Ruby mail gem has been found to be vulnerable to crafted email addresses which can inject arbitrary commands to the underlying system. Any application that implements sendmail-based delivery, and which uses the Ruby mail gem 2.2.14 or earlier, is vulnerable. The issue will also affect Ruby on Rails 3.0.x applications which use the sendmail delivery mechanism.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
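
A generic illustration of the class of bug the quoted report describes, added here as an example; it is not the mail gem's code. `echo` stands in for the sendmail binary, and the function names and the sample address are constructed for the demonstration.

```ruby
require "open3"

# Constructed sample input: an "address" carrying a shell metacharacter
# followed by a harmless marker command.
SAMPLE_ADDRESS = "user@example.com; echo INJECTED"

# Assumption: `echo` stands in for the sendmail binary so this runs anywhere.
MAILER = "echo"

# Weak pattern: the address is interpolated into one string, so Ruby hands
# the whole line to /bin/sh and the shell interprets the `;`.
def deliver_via_shell(from)
  out, _status = Open3.capture2("#{MAILER} -f #{from}")
  out
end

# Hardened pattern: an argument vector. No shell is involved, so the address
# reaches the program as a single argument, metacharacters included.
def deliver_via_argv(from)
  out, _status = Open3.capture2(MAILER, "-f", from)
  out
end

# Defence in depth: accept only a conservative address shape before it gets
# anywhere near a process boundary. The leading alphanumeric also blocks a
# value that starts with "-" and would be read as an option.
def safe_address?(addr)
  addr.match?(/\A[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\z/)
end

if __FILE__ == $0
  puts "shell string : #{deliver_via_shell(SAMPLE_ADDRESS).inspect}"
  puts "argv array   : #{deliver_via_argv(SAMPLE_ADDRESS).inspect}"
  puts "validator    : #{safe_address?(SAMPLE_ADDRESS)}"
end
```

The first call produces two lines of output because the shell ran the second command; the second call produces one line containing the address verbatim.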