Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-2139
Last Modified: 07 Oct 2013 12:18:35
Published: 18 Jul 2012 02:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-2139

Summary

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

Vulnerable Systems

Application

  • Rubygems Mail Gem 2.3.2
  • Rubygems Mail Gem 2.3.3
  • Rubygems Mail Gem 2.4.1
  • Rubygems Mail Gem 2.4.3


References

CONFIRM - https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=816352

MISC - https://bugzilla.novell.com/show_bug.cgi?id=759092

MLIST - [oss-security] 20120425 Re: CVE request: two flaws fixed in rubygem-mail 2.4.4

MLIST - [oss-security] 20120425 CVE request: two flaws fixed in rubygem-mail 2.4.4

SECUNIA - 48970

FEDORA - FEDORA-2012-7619

FEDORA - FEDORA-2012-7535

FEDORA - FEDORA-2012-7692


Last Updated: 27 May 2016 10:54:54