Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

There are packages installed that are affected by a vulnerability referenced in the following CVE:

  - Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem
    before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to
    parameter. (CVE-2012-2139)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1542 advisory.

    Red Hat CloudForms is an on-premise hybrid cloud     Infrastructure-as-a-Service (IaaS) product that lets you create and manage     private and public clouds.

    Multiple input validation vulnerabilities were discovered in     rubygem-activerecored. A remote attacker could possibly use these flaws     to perform an SQL injection attack against an application using     rubygem-activerecord. (CVE-2012-2660, CVE-2012-2661, CVE-2012-2694,     CVE-2012-2695)

    Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack.
    A remote attacker could use these flaws to conduct XSS attacks against     users of an application using rubygem-actionpack. (CVE-2012-3463,     CVE-2012-3464, CVE-2012-3465)

    A flaw was found in the HTTP digest authentication implementation in     rubygem-actionpack. A remote attacker could use this flaw to cause a     denial of service of an application using rubygem-actionpack and digest     authentication. (CVE-2012-3424)

    An input validation flaw was found in rubygem-mail's Exim and Sendmail     delivery methods. A remote attacker could use this flaw to execute     arbitrary commands with the privileges of an application using     rubygem-mail. (CVE-2012-2140)

    A directory traversal flaw was found in rubygem-mail's file delivery     method. A remote attacker could use this flaw to send a mail with a     specially crafted To: header and write to files with the privileges of     an application using rubygem-mail. (CVE-2012-2139)

    Puppet was updated to version 2.6.17, which fixes multiple security     issues. These issues are not exposed by CloudForms. (CVE-2012-1986,     CVE-2012-1987, CVE-2012-1988, CVE-2012-3864, CVE-2012-3865, CVE-2012-3867)

    Red Hat would like to thank Puppet Labs for reporting CVE-2012-1988,     CVE-2012-1986, CVE-2012-1987, CVE-2012-3864, CVE-2012-3865, and     CVE-2012-3867.

    Users are advised to upgrade to these CloudForms Commons packages, which     resolve these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Update to Mail 2.4.4.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

rubygem-mail -- multiple vulnerabilities

Two issues were fixed. They are a file system traversal in file_delivery method and arbitrary command execution when using exim or sendmail from the command line.

ID	Name	Product	Family	Severity
421819	SCA: security update for mail (GHSA-cj92-c4fj-w9c5)	Tenable Cloud Security	SCA Checks	high
421819	SCA: security update for mail (GHSA-cj92-c4fj-w9c5)	Tenable Self-Hosted Container Security	SCA Checks	high
193969	RHEL 6 : CloudForms Commons 1.1 (RHSA-2012:1542)	Nessus	Red Hat Local Security Checks	high
59267	Fedora 17 : rubygem-actionmailer-3.0.11-2.fc17 / rubygem-mail-2.4.4-1.fc17 (2012-7619)	Nessus	Fedora Local Security Checks	high
59204	Fedora 15 : rubygem-actionmailer-3.0.5-3.fc15 / rubygem-mail-2.4.4-1.fc15 (2012-7692)	Nessus	Fedora Local Security Checks	high
59199	Fedora 16 : rubygem-actionmailer-3.0.10-2.fc16 / rubygem-mail-2.4.4-1.fc16 (2012-7535)	Nessus	Fedora Local Security Checks	high
59063	FreeBSD : rubygem-mail -- multiple vulnerabilities (3d55b961-9a2e-11e1-a2ef-001fd0af1a4c)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2012-2139

high

Tenable Plugins

high

high

high

high

high

high

high