FreeBSD : rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability (1cae628c-3569-11e0-8e81-0022190034c0)
Medium Nessus Plugin ID 51962
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSecunia reports :
Input passed via an email from address is not properly sanitised in the 'deliver()' function (lib/mail/network/delivery_methods/sendmail.rb) before being used as a command line argument. This can be exploited to inject arbitrary shell commands.
SolutionUpdate the affected package.