rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability

2011-01-25T00:00:00
ID 1CAE628C-3569-11E0-8E81-0022190034C0
Type freebsd
Reporter FreeBSD
Modified 2011-01-25T00:00:00

Description

Secunia reports:

Input passed via an email from address is not properly sanitised in the "deliver()" function (lib/mail/network/delivery_methods/sendmail.rb) before being used as a command line argument. This can be exploited to inject arbitrary shell commands.
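
The pattern the advisory describes, as an added example (not the mail gem's own code): a sender address interpolated into a shell command string, next to the argument-vector form that avoids the shell. `printf` stands in for the sendmail binary, and the method names and the sample address are constructed for illustration.

```ruby
require 'open3'
require 'shellwords'

# Stand-in for the sendmail binary (assumption): printf echoes each argument
# it receives in brackets, so the output shows what the program really got.
MAILER = 'printf'
FORMAT = '[%s]\n'

# Constructed sample value containing a shell metacharacter.
CONSTRUCTED_FROM = 'sender@example.com; echo INJECTED'

# Unsafe pattern: the address is interpolated into one string, which Ruby
# hands to /bin/sh -c, so metacharacters in the address are interpreted.
def deliver_via_shell_string(from)
  out, _status = Open3.capture2("#{MAILER} '#{FORMAT}' -f #{from}")
  out.lines.map(&:chomp)
end

# Hardened pattern: every argument is its own argv entry and no shell runs,
# so the address reaches the program as a single literal value.
def deliver_via_argv(from)
  out, _status = Open3.capture2(MAILER, FORMAT, '-f', from)
  out.lines.map(&:chomp)
end

# Fallback when a shell string cannot be avoided: quote the value first.
def deliver_via_escaped_string(from)
  escaped = Shellwords.escape(from)
  out, _status = Open3.capture2("#{MAILER} '#{FORMAT}' -f #{escaped}")
  out.lines.map(&:chomp)
end

if __FILE__ == $PROGRAM_NAME
  puts "shell string: #{deliver_via_shell_string(CONSTRUCTED_FROM).inspect}"
  puts "argv array:   #{deliver_via_argv(CONSTRUCTED_FROM).inspect}"
  puts "escaped:      #{deliver_via_escaped_string(CONSTRUCTED_FROM).inspect}"
end
```

In the shell-string case the output contains a separate `INJECTED` line produced by a second command; in the other two the whole address arrives as one bracketed argument.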