Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2004-2771
Last Modified 29 Dec 2014 09:56:57
Published 24 Dec 2014 01:59:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2771

Summary

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

Vulnerable Systems

Operating System

  • Oracle Linux 6.0

  • Oracle Linux 7.0

  • Red Hat Enterprise Linux 6.0

  • Red Hat Enterprise Linux 7.0

Application

  • BSD Mailx Project BSD Mailx 8.1.2

  • Heirloom Mailx 12.5


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748

DEBIAN - DSA-3105

SECUNIA - 61693

SECUNIA - 61585

SECUNIA - 60940

MLIST - [oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)

REDHAT - RHSA-2014:1999

CONFIRM - http://linux.oracle.com/errata/ELSA-2014-1999.html


Last Updated: 27 May 2016 11:07:22