Описание
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat CloudForms Tools 1 | rubygem-mail | Affected | ||
| Red Hat Subscription Asset Manager | rubygem-mail | Affected | ||
| CloudForms for RHEL 6 | converge-ui-devel | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | puppet | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-actionpack | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-activerecord | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-activesupport | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-chunky_png | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-compass | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-compass-960-plugin | Fixed | RHSA-2012:1542 | 04.12.2012 |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-78
https://bugzilla.redhat.com/show_bug.cgi?id=816352rubygem-mail: arbitrary command execution when using exim or sendmail from commandline
7.5 High
CVSS2
Связанные уязвимости
nvd
больше 13 лет назад
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
debian
больше 13 лет назад
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute ...
7.5 High
CVSS2