Vulnerability Description
The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mikel Lindsaar | <= 2.2.14 |
Related Weaknesses (CWE)
References
- http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pPatch
- http://osvdb.org/70667
- http://secunia.com/advisories/43077Vendor Advisory
- http://www.securityfocus.com/bid/46021
- http://www.vupen.com/english/advisories/2011/0233Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65010
- https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patchPatch
- http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pPatch
- http://osvdb.org/70667
- http://secunia.com/advisories/43077Vendor Advisory
- http://www.securityfocus.com/bid/46021
- http://www.vupen.com/english/advisories/2011/0233Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65010
- https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patchPatch
FAQ
What is CVE-2011-0739?
CVE-2011-0739 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell ...
How severe is CVE-2011-0739?
CVE-2011-0739 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0739?
Check the references section above for vendor advisories and patch information. Affected products include: Mikel Lindsaar Mail.