The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1542 advisory.

  - puppet: Filebucket arbitrary file read (CVE-2012-1986)

  - puppet: Filebucket denial of service (CVE-2012-1987)

  - puppet: Filebucket arbitrary code execution (CVE-2012-1988)

  - rubygem-mail: directory traversal (CVE-2012-2139)

  - rubygem-mail: arbitrary command execution when using exim or sendmail from commandline (CVE-2012-2140)

  - rubygem-actionpack: Unsafe query generation (CVE-2012-2660)

  - rubygem-activerecord: SQL injection when processing nested query paramaters (CVE-2012-2661)

  - rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660) (CVE-2012-2694)

  - rubygem-activerecord: SQL injection when processing nested query paramaters (a different flaw than     CVE-2012-2661) (CVE-2012-2695)

  - rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest (CVE-2012-3424)

  - rubygem-actionpack: potential XSS vulnerability in select_tag prompt (CVE-2012-3463)

  - rubygem-actionpack: potential XSS vulnerability (CVE-2012-3464)

  - rubygem-actionpack: XSS Vulnerability in strip_tags (CVE-2012-3465)

  - puppet: authenticated clients allowed to read arbitrary files from the puppet master (CVE-2012-3864)

  - puppet: authenticated clients allowed to delete arbitrary files on the puppet master (CVE-2012-3865)

  - puppet: insufficient validation of agent names in CN of SSL certificate requests (CVE-2012-3867)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Update to Mail 2.4.4.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

rubygem-mail -- multiple vulnerabilities

Two issues were fixed. They are a file system traversal in file_delivery method and arbitrary command execution when using exim or sendmail from the command line.

ID	Name	Product	Family	Severity
193969	RHEL 6 : CloudForms Commons 1.1 (RHSA-2012:1542)	Nessus	Red Hat Local Security Checks	high
59267	Fedora 17 : rubygem-actionmailer-3.0.11-2.fc17 / rubygem-mail-2.4.4-1.fc17 (2012-7619)	Nessus	Fedora Local Security Checks	high
59204	Fedora 15 : rubygem-actionmailer-3.0.5-3.fc15 / rubygem-mail-2.4.4-1.fc15 (2012-7692)	Nessus	Fedora Local Security Checks	high
59199	Fedora 16 : rubygem-actionmailer-3.0.10-2.fc16 / rubygem-mail-2.4.4-1.fc16 (2012-7535)	Nessus	Fedora Local Security Checks	high
59063	FreeBSD : rubygem-mail -- multiple vulnerabilities (3d55b961-9a2e-11e1-a2ef-001fd0af1a4c)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2012-2140

critical

Tenable Plugins

high

high

high

high

high