Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-0739
Last Modified 03 Feb 2011 12:00:00
Published 01 Feb 2011 08:00:07
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0739

Summary

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.

Vulnerable Systems

Application

  • Mikel Lindsaar Mail 1.0.0

  • Mikel Lindsaar Mail 1.1.0

  • Mikel Lindsaar Mail 1.2.1

  • Mikel Lindsaar Mail 1.2.5

  • Mikel Lindsaar Mail 1.2.6

  • Mikel Lindsaar Mail 1.2.7

  • Mikel Lindsaar Mail 1.2.8

  • Mikel Lindsaar Mail 1.2.9

  • Mikel Lindsaar Mail 1.3.0

  • Mikel Lindsaar Mail 1.3.1

  • Mikel Lindsaar Mail 1.3.2

  • Mikel Lindsaar Mail 1.3.3

  • Mikel Lindsaar Mail 1.3.4

  • Mikel Lindsaar Mail 1.3.5

  • Mikel Lindsaar Mail 1.4.0

  • Mikel Lindsaar Mail 1.4.1

  • Mikel Lindsaar Mail 1.4.2

  • Mikel Lindsaar Mail 1.4.3

  • Mikel Lindsaar Mail 1.5.0

  • Mikel Lindsaar Mail 1.5.1

  • Mikel Lindsaar Mail 1.5.2

  • Mikel Lindsaar Mail 1.5.3

  • Mikel Lindsaar Mail 1.5.4

  • Mikel Lindsaar Mail 1.6.0

  • Mikel Lindsaar Mail 2.0.3

  • Mikel Lindsaar Mail 2.0.5

  • Mikel Lindsaar Mail 2.1.0

  • Mikel Lindsaar Mail 2.1.1

  • Mikel Lindsaar Mail 2.1.2

  • Mikel Lindsaar Mail 2.1.3

  • Mikel Lindsaar Mail 2.1.5

  • Mikel Lindsaar Mail 2.1.5.1

  • Mikel Lindsaar Mail 2.1.5.2

  • Mikel Lindsaar Mail 2.1.5.3

  • Mikel Lindsaar Mail 2.2.0

  • Mikel Lindsaar Mail 2.2.1

  • Mikel Lindsaar Mail 2.2.10

  • Mikel Lindsaar Mail 2.2.11

  • Mikel Lindsaar Mail 2.2.12

  • Mikel Lindsaar Mail 2.2.13

  • Mikel Lindsaar Mail 2.2.14

  • Mikel Lindsaar Mail 2.2.2

  • Mikel Lindsaar Mail 2.2.3

  • Mikel Lindsaar Mail 2.2.4

  • Mikel Lindsaar Mail 2.2.5

  • Mikel Lindsaar Mail 2.2.5.1

  • Mikel Lindsaar Mail 2.2.5.2

  • Mikel Lindsaar Mail 2.2.6

  • Mikel Lindsaar Mail 2.2.6.1

  • Mikel Lindsaar Mail 2.2.7

  • Mikel Lindsaar Mail 2.2.9

  • Mikel Lindsaar Mail 2.2.9.1


References

MISC - https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch

CONFIRM - http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1

XF - ruby-mail-deliver-command-execution(65010)

VUPEN - ADV-2011-0233

BID - 46021

SECUNIA - 43077

OSVDB - 70667


Last Updated: 27 May 2016 10:56:02