{"id": "DEBIAN_DLA-113.NASL", "bulletinFamily": "scanner", "title": "Debian DLA-113-1 : bsd-mailx security update", "description": "It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n'--' separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as\npart of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2015-03-26T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82097", "reporter": "Tenable", "references": ["https://packages.debian.org/source/squeeze-lts/bsd-mailx", "https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html"], "cvelist": ["CVE-2014-7844"], "type": "nessus", "lastseen": "2019-01-16T20:21:06", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-7844"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, CVE-2004-2771, had already been addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the '--' separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as part of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "6038bcc792715055453aef565f858aa6fa38cbc552656bf6748b15049cf6d5cd", "hashmap": [{"hash": "61cccd4a1abd857b5fbcb5b7624513ee", "key": "description"}, {"hash": "ce11636a30ff3e746f12eebffa646f57", "key": "references"}, {"hash": "acb547b7a5ee3cc7f2e171e1c9d061ce", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "99e011d31fda89d981a9cd07dd5c1a86", "key": "cvelist"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": "3615a4e88c023716d77ebb2d29acac8a", "key": "pluginID"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "2d058cfffc7e5cdda9e72dfc6fdbc7f4", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "7fd9536ecee3570fb9fcf1a207863f2f", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82097", "id": "DEBIAN_DLA-113.NASL", "lastseen": "2016-09-26T17:24:52", "modified": "2016-05-05T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.2", "pluginID": "82097", "published": "2015-03-26T00:00:00", "references": ["https://packages.debian.org/source/squeeze-lts/bsd-mailx", "https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-113-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82097);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/05 14:49:54 $\");\n\n script_cve_id(\"CVE-2014-7844\");\n script_bugtraq_id(71701);\n script_osvdb_id(115954);\n\n script_name(english:\"Debian DLA-113-1 : bsd-mailx security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n'--' separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as\npart of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/bsd-mailx\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected bsd-mailx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:ND/RC:UR\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsd-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bsd-mailx\", reference:\"8.1.2-0.20100314cvs-1+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-113-1 : bsd-mailx security update", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:52"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:bsd-mailx"], "cvelist": ["CVE-2014-7844"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, CVE-2004-2771, had already been addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the '--' separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as part of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "752e3353991b0cf42820794f09b4693deeb3733f551ea2c2d2720cb24838542f", "hashmap": [{"hash": "61cccd4a1abd857b5fbcb5b7624513ee", "key": "description"}, {"hash": "ce11636a30ff3e746f12eebffa646f57", "key": "references"}, {"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "4c7ee1a33cd775c164d8c9543cb56ca9", "key": "cpe"}, {"hash": "acb547b7a5ee3cc7f2e171e1c9d061ce", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "99e011d31fda89d981a9cd07dd5c1a86", "key": "cvelist"}, {"hash": "b9656dad1d1b2f99657ffcd202530fbf", "key": "sourceData"}, {"hash": "3615a4e88c023716d77ebb2d29acac8a", "key": "pluginID"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "2d058cfffc7e5cdda9e72dfc6fdbc7f4", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82097", "id": "DEBIAN_DLA-113.NASL", "lastseen": "2018-07-10T05:53:06", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "82097", "published": "2015-03-26T00:00:00", "references": ["https://packages.debian.org/source/squeeze-lts/bsd-mailx", "https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-113-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82097);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/09 12:26:57\");\n\n script_cve_id(\"CVE-2014-7844\");\n script_bugtraq_id(71701);\n\n script_name(english:\"Debian DLA-113-1 : bsd-mailx security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n'--' separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as\npart of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/bsd-mailx\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected bsd-mailx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsd-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bsd-mailx\", reference:\"8.1.2-0.20100314cvs-1+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-113-1 : bsd-mailx security update", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-07-10T05:53:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:bsd-mailx"], "cvelist": ["CVE-2014-7844"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, CVE-2004-2771, had already been addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the '--' separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as part of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "739e77830a253f1dbc36dba622453fd2bf87169efd103628ec9f229de198ef96", "hashmap": [{"hash": "61cccd4a1abd857b5fbcb5b7624513ee", "key": "description"}, {"hash": "ce11636a30ff3e746f12eebffa646f57", "key": "references"}, {"hash": "4c7ee1a33cd775c164d8c9543cb56ca9", "key": "cpe"}, {"hash": "acb547b7a5ee3cc7f2e171e1c9d061ce", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "99e011d31fda89d981a9cd07dd5c1a86", "key": "cvelist"}, {"hash": "9d4ec3bc274414c5dfdd7488d4d95f7b", "key": "modified"}, {"hash": "3615a4e88c023716d77ebb2d29acac8a", "key": "pluginID"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "2d058cfffc7e5cdda9e72dfc6fdbc7f4", "key": "title"}, {"hash": "5037af80fc551e8603b2c9960438b182", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82097", "id": "DEBIAN_DLA-113.NASL", "lastseen": "2018-07-07T01:54:22", "modified": "2018-07-06T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "82097", "published": "2015-03-26T00:00:00", "references": ["https://packages.debian.org/source/squeeze-lts/bsd-mailx", "https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-113-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82097);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2014-7844\");\n script_bugtraq_id(71701);\n\n script_name(english:\"Debian DLA-113-1 : bsd-mailx security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n'--' separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as\npart of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/bsd-mailx\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected bsd-mailx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsd-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bsd-mailx\", reference:\"8.1.2-0.20100314cvs-1+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-113-1 : bsd-mailx security update", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-07-07T01:54:22"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:bsd-mailx"], "cvelist": ["CVE-2014-7844"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, CVE-2004-2771, had already been addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the '--' separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as part of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "da428f7541a691ea5ea295baf93a3b1805b46cf020b0dc678a82e9bfce586780", "hashmap": [{"hash": "61cccd4a1abd857b5fbcb5b7624513ee", "key": "description"}, {"hash": "ce11636a30ff3e746f12eebffa646f57", "key": "references"}, {"hash": "4c7ee1a33cd775c164d8c9543cb56ca9", "key": "cpe"}, {"hash": "acb547b7a5ee3cc7f2e171e1c9d061ce", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "99e011d31fda89d981a9cd07dd5c1a86", "key": "cvelist"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": "3615a4e88c023716d77ebb2d29acac8a", "key": "pluginID"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "2d058cfffc7e5cdda9e72dfc6fdbc7f4", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "7fd9536ecee3570fb9fcf1a207863f2f", "key": "sourceData"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82097", "id": "DEBIAN_DLA-113.NASL", "lastseen": "2017-10-29T13:39:03", "modified": "2016-05-05T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "82097", "published": "2015-03-26T00:00:00", "references": ["https://packages.debian.org/source/squeeze-lts/bsd-mailx", "https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-113-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82097);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/05 14:49:54 $\");\n\n script_cve_id(\"CVE-2014-7844\");\n script_bugtraq_id(71701);\n script_osvdb_id(115954);\n\n script_name(english:\"Debian DLA-113-1 : bsd-mailx security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n'--' separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as\npart of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/bsd-mailx\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected bsd-mailx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:ND/RC:UR\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsd-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bsd-mailx\", reference:\"8.1.2-0.20100314cvs-1+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-113-1 : bsd-mailx security update", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:39:03"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "4c7ee1a33cd775c164d8c9543cb56ca9"}, {"key": "cvelist", "hash": "99e011d31fda89d981a9cd07dd5c1a86"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "3bc1ca5caa86a7ee6f74bb54dc4eccdc"}, {"key": "href", "hash": "acb547b7a5ee3cc7f2e171e1c9d061ce"}, {"key": "modified", "hash": "48d60a46ed3f845ea90484e4bf421124"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "3615a4e88c023716d77ebb2d29acac8a"}, {"key": "published", "hash": "b04cb1ee3e32672ef56c470342308d5f"}, {"key": "references", "hash": "ce11636a30ff3e746f12eebffa646f57"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "b9656dad1d1b2f99657ffcd202530fbf"}, {"key": "title", "hash": "2d058cfffc7e5cdda9e72dfc6fdbc7f4"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "deafe9f67db970cc8402545628abbfe2c834eea259a6bb0ae844d8a665641fe9", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-113-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82097);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/09 12:26:57\");\n\n script_cve_id(\"CVE-2014-7844\");\n script_bugtraq_id(71701);\n\n script_name(english:\"Debian DLA-113-1 : bsd-mailx security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n'--' separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as\npart of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/bsd-mailx\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected bsd-mailx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsd-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bsd-mailx\", reference:\"8.1.2-0.20100314cvs-1+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "82097", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:bsd-mailx"]}

{"f5": [{"lastseen": "2016-09-26T17:23:01", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": " * [CVE-2014-7844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844>)\n\nThe expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address.\n\n * [CVE-2004-2771](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771>)\n\nA flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844).\n", "reporter": "f5", "published": "2015-07-10T00:00:00", "title": "SOL16945 - Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AAM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP AFM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.1", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "Enterprise Manager", "version": "2.3.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PEM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP DNS", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IQ ADC", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.1", "operator": "le"}], "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2016-05-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16945.html", "id": "SOL16945", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:10", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned IDs 529393 and 529394 (BIG-IP and BIG-IQ), and 529486 and 529490 (EM) to these vulnerabilities, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16945 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0* \n11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| 12.1.0| Low| mailx \nBIG-IP AAM| 12.0.0* \n11.4.0 - 11.6.1*| 12.1.0| Low| mailx \nBIG-IP AFM| 12.0.0* \n11.3.0 - 11.6.1*| 12.1.0| Low| mailx \nBIG-IP Analytics| 12.0.0* \n11.0.0 - 11.6.1*| 12.1.0| Low| mailx \nBIG-IP APM| 12.0.0* \n11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| 12.1.0| Low| mailx \nBIG-IP ASM| 12.0.0* \n11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| 12.1.0| Low| mailx \nBIG-IP DNS| 12.0.0*| 12.1.0| Low| mailx \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| mailx \nBIG-IP GTM| 11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| None| Low| mailx \nBIG-IP Link Controller| 12.0.0* \n11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| 12.1.0| Low| mailx \nBIG-IP PEM| 12.0.0* \n11.3.0 - 11.6.1*| 12.1.0| Low| mailx \nBIG-IP PSM| 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4*| None| Low| mailx \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| mailx \nBIG-IP WOM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| mailx \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1* \n2.1.0 - 2.3.0*| None| Low| mailx \nFirePass| None| 7.0.0 \n6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0*| None| Low| mailx \nBIG-IQ Device| 4.2.0 - 4.5.0*| None| Low| mailx \nBIG-IQ Security| 4.0.0 - 4.5.0*| None| Low| mailx \nBIG-IQ ADC| 4.5.0*| None| Low| mailx \nLineRate| None| 2.5.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None \nBIG-IP Edge Clients for Android| None| 2.0.0 - 2.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Apple iOS| None| 2.0.0 - 2.0.4 \n1.0.5 - 1.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Linux| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for MAC OS X| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for Windows| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients Windows Phone 8.1| None| 1.0.0.x| Not vulnerable| None \nBIG-IP Edge Portal for Android| None| 1.0.0 - 1.0.2| Not vulnerable| None \nBIG-IP Edge Portal for Apple iOS| None| 1.0.0 - 1.0.3| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n**Important**: * Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should avoid using the local **mailx **utility on the vulnerable system, if feasible. Additionally, you should only permit access to the system over a secure network, and limit login access to trusted users. For more information about securing access to the system, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13902>)\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2015-07-11T02:50:00", "type": "f5", "title": "Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2017-04-06T18:44:00", "href": "https://support.f5.com/csp/article/K16945", "id": "F5:K16945", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:20:34", "references": ["https://usn.ubuntu.com/2455-1/"], "pluginID": "80413", "description": "It was discovered that bsd-mailx contained a feature that allowed\nsyntactically valid email addresses to be treated as shell commands. A\nremote attacker could possibly use this issue with a valid email\naddress to execute arbitrary commands.\n\nThis functionality has now been disabled by default, and can be\nre-enabled with the 'expandaddr' configuration option. This update\nalone does not remove all possibilities of command execution. In\nenvironments where scripts use mailx to process arbitrary email\naddresses, it is recommended to modify them to use a '--' separator\nbefore the address to properly handle those that begin with '-'.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-01-08T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : bsd-mailx vulnerability (USN-2455-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bsd-mailx", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2455-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80413", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2455-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80413);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-7844\");\n script_bugtraq_id(71701);\n script_xref(name:\"USN\", value:\"2455-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : bsd-mailx vulnerability (USN-2455-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bsd-mailx contained a feature that allowed\nsyntactically valid email addresses to be treated as shell commands. A\nremote attacker could possibly use this issue with a valid email\naddress to execute arbitrary commands.\n\nThis functionality has now been disabled by default, and can be\nre-enabled with the 'expandaddr' configuration option. This update\nalone does not remove all possibilities of command execution. In\nenvironments where scripts use mailx to process arbitrary email\naddresses, it is recommended to modify them to use a '--' separator\nbefore the address to properly handle those that begin with '-'.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2455-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bsd-mailx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bsd-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"bsd-mailx\", pkgver:\"8.1.2-0.20090911cvs-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"bsd-mailx\", pkgver:\"8.1.2-0.20111106cvs-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bsd-mailx\", pkgver:\"8.1.2-0.20131005cvs-1ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"bsd-mailx\", pkgver:\"8.1.2-0.20131005cvs-1ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bsd-mailx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-01-16T20:20:28", "references": ["https://www.debian.org/security/2014/dsa-3104", "https://security-tracker.debian.org/tracker/CVE-2004-2771", "https://packages.debian.org/source/wheezy/bsd-mailx"], "pluginID": "80057", "description": "It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete-T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use\nthe-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invokemail -t\nor sendmail -i -t instead, passing the recipient addresses as part of\nthe mail header.", "edition": 6, "reporter": "Tenable", "published": "2014-12-17T00:00:00", "title": "Debian DSA-3104-1 : bsd-mailx - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bsd-mailx", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3104.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80057", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3104. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80057);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-7844\");\n script_xref(name:\"DSA\", value:\"3104\");\n\n script_name(english:\"Debian DSA-3104-1 : bsd-mailx - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete-T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use\nthe-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invokemail -t\nor sendmail -i -t instead, passing the recipient addresses as part of\nthe mail header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2004-2771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/bsd-mailx\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3104\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bsd-mailx packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 8.1.2-0.20111106cvs-1+deb7u1.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsd-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"bsd-mailx\", reference:\"8.1.2-0.20111106cvs-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-01-16T20:20:28", "references": ["https://access.redhat.com/security/cve/cve-2004-2771", "https://access.redhat.com/errata/RHSA-2014:1999", "https://access.redhat.com/security/cve/cve-2014-7844"], "pluginID": "80074", "description": "Updated mailx packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe mailx packages contain a mail user agent that is used to manage\nmail using scripts.\n\nA flaw was found in the way mailx handled the parsing of email\naddresses. A syntactically valid email address could allow a local\nattacker to cause mailx to execute arbitrary shell commands through\nshell meta-characters and the direct command execution functionality.\n(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained\nfrom untrusted sources will still remain vulnerable to other attacks\nif they accept email addresses which start with '-' (so that they can\nbe confused with mailx options). To counteract this issue, this update\nalso introduces the '--' option, which will treat the remaining\ncommand line arguments as email addresses.\n\nAll mailx users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 10, "reporter": "Tenable", "published": "2014-12-17T00:00:00", "title": "RHEL 6 / 7 : mailx (RHSA-2014:1999)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:mailx", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:mailx-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1999.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1999. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80074);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_bugtraq_id(71701, 71704);\n script_xref(name:\"RHSA\", value:\"2014:1999\");\n\n script_name(english:\"RHEL 6 / 7 : mailx (RHSA-2014:1999)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mailx packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe mailx packages contain a mail user agent that is used to manage\nmail using scripts.\n\nA flaw was found in the way mailx handled the parsing of email\naddresses. A syntactically valid email address could allow a local\nattacker to cause mailx to execute arbitrary shell commands through\nshell meta-characters and the direct command execution functionality.\n(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained\nfrom untrusted sources will still remain vulnerable to other attacks\nif they accept email addresses which start with '-' (so that they can\nbe confused with mailx options). To counteract this issue, this update\nalso introduces the '--' option, which will treat the remaining\ncommand line arguments as email addresses.\n\nAll mailx users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-2771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7844\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailx and / or mailx-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mailx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1999\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mailx-12.4-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mailx-12.4-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mailx-12.4-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mailx-debuginfo-12.4-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mailx-debuginfo-12.4-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mailx-debuginfo-12.4-8.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mailx-12.5-12.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mailx-12.5-12.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mailx-debuginfo-12.5-12.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mailx-debuginfo-12.5-12.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailx / mailx-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:28", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-December/004735.html", "https://oss.oracle.com/pipermail/el-errata/2014-December/004736.html"], "pluginID": "80071", "description": "From Red Hat Security Advisory 2014:1999 :\n\nUpdated mailx packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe mailx packages contain a mail user agent that is used to manage\nmail using scripts.\n\nA flaw was found in the way mailx handled the parsing of email\naddresses. A syntactically valid email address could allow a local\nattacker to cause mailx to execute arbitrary shell commands through\nshell meta-characters and the direct command execution functionality.\n(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained\nfrom untrusted sources will still remain vulnerable to other attacks\nif they accept email addresses which start with '-' (so that they can\nbe confused with mailx options). To counteract this issue, this update\nalso introduces the '--' option, which will treat the remaining\ncommand line arguments as email addresses.\n\nAll mailx users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 6, "reporter": "Tenable", "published": "2014-12-17T00:00:00", "title": "Oracle Linux 6 / 7 : mailx (ELSA-2014-1999)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:mailx"], "id": "ORACLELINUX_ELSA-2014-1999.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80071", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1999 and \n# Oracle Linux Security Advisory ELSA-2014-1999 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80071);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_bugtraq_id(71701, 71704);\n script_xref(name:\"RHSA\", value:\"2014:1999\");\n\n script_name(english:\"Oracle Linux 6 / 7 : mailx (ELSA-2014-1999)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1999 :\n\nUpdated mailx packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe mailx packages contain a mail user agent that is used to manage\nmail using scripts.\n\nA flaw was found in the way mailx handled the parsing of email\naddresses. A syntactically valid email address could allow a local\nattacker to cause mailx to execute arbitrary shell commands through\nshell meta-characters and the direct command execution functionality.\n(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained\nfrom untrusted sources will still remain vulnerable to other attacks\nif they accept email addresses which start with '-' (so that they can\nbe confused with mailx options). To counteract this issue, this update\nalso introduces the '--' option, which will treat the remaining\ncommand line arguments as email addresses.\n\nAll mailx users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004735.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004736.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mailx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"mailx-12.4-8.el6_6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mailx-12.5-12.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:23:24", "references": ["http://www.nessus.org/u?d8c668e8"], "pluginID": "89084", "description": "New mailx packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.", "edition": 5, "reporter": "Tenable", "published": "2016-03-03T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : mailx (SSA:2016-062-01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2016-03-03T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:mailx", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2016-062-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89084", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-062-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89084);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/03/03 14:59:46 $\");\n\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_xref(name:\"SSA\", value:\"2016-062-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : mailx (SSA:2016-062-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mailx packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.510514\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d8c668e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mailx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"i486\", pkgnum:\"2_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"i486\", pkgnum:\"2_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"i586\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mailx\", pkgver:\"12.5\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:31", "references": ["http://support.novell.com/security/cve/CVE-2004-2771.html", "http://support.novell.com/security/cve/CVE-2014-7844.html", "https://bugzilla.novell.com/show_bug.cgi?id=909208"], "pluginID": "80251", "description": "This mailx update fixes the following security issues :\n\n - Shell command injection via crafted email addresses.\n (CVE-2004-2771 / CVE-2014-7844). (bnc#909208)", "edition": 4, "reporter": "Tenable", "published": "2014-12-26T00:00:00", "title": "SuSE 11.3 Security Update : mailx (SAT Patch Number 10096)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-30T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mailx"], "id": "SUSE_11_MAILX-141215.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80251", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80251);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/12/30 13:38:09 $\");\n\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n\n script_name(english:\"SuSE 11.3 Security Update : mailx (SAT Patch Number 10096)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mailx update fixes the following security issues :\n\n - Shell command injection via crafted email addresses.\n (CVE-2004-2771 / CVE-2014-7844). (bnc#909208)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=909208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2004-2771.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-7844.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10096.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mailx-12.5-1.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mailx-12.5-1.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"mailx-12.5-1.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:28", "references": ["http://www.nessus.org/u?a2f605e6"], "pluginID": "80075", "description": "A flaw was found in the way mailx handled the parsing of email\naddresses. A syntactically valid email address could allow a local\nattacker to cause mailx to execute arbitrary shell commands through\nshell meta-characters and the direct command execution functionality.\n(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained\nfrom untrusted sources will still remain vulnerable to other attacks\nif they accept email addresses which start with '-' (so that they can\nbe confused with mailx options). To counteract this issue, this update\nalso introduces the '--' option, which will treat the remaining\ncommand line arguments as email addresses.", "edition": 6, "reporter": "Tenable", "published": "2014-12-17T00:00:00", "title": "Scientific Linux Security Update : mailx on SL6.x, SL7.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-12-28T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20141216_MAILX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80075", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80075);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n\n script_name(english:\"Scientific Linux Security Update : mailx on SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way mailx handled the parsing of email\naddresses. A syntactically valid email address could allow a local\nattacker to cause mailx to execute arbitrary shell commands through\nshell meta-characters and the direct command execution functionality.\n(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained\nfrom untrusted sources will still remain vulnerable to other attacks\nif they accept email addresses which start with '-' (so that they can\nbe confused with mailx options). To counteract this issue, this update\nalso introduces the '--' option, which will treat the remaining\ncommand line arguments as email addresses.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1412&L=scientific-linux-errata&T=0&P=2833\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2f605e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailx and / or mailx-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"mailx-12.4-8.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mailx-debuginfo-12.4-8.el6_6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mailx-12.5-12.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mailx-debuginfo-12.5-12.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:33:49", "references": ["https://security.gentoo.org/glsa/201804-06"], "pluginID": "108927", "description": "The remote host is affected by the vulnerability described in GLSA-201804-06\n(mailx: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in mailx. Please review\n the CVE identifiers referenced below for details.\nImpact :\n\n A remote attacker could execute arbitrary commands.\nWorkaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2018-04-10T00:00:00", "title": "GLSA-201804-06 : mailx: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-06-07T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mailx"], "id": "GENTOO_GLSA-201804-06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=108927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201804-06.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108927);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_xref(name:\"GLSA\", value:\"201804-06\");\n\n script_name(english:\"GLSA-201804-06 : mailx: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201804-06\n(mailx: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in mailx. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary commands.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201804-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All mailx users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/mailx-8.1.2.20160123'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/mailx\", unaffected:make_list(\"ge 8.1.2.20160123\"), vulnerable:make_list(\"lt 8.1.2.20160123\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:32", "references": ["https://lists.opensuse.org/opensuse-updates/2014-12/msg00097.html", "https://bugzilla.opensuse.org/show_bug.cgi?id=909208"], "pluginID": "80274", "description": "This mailx update fixes the following security issue :\n\nbsc#909208: shell command injection via crafted email addresses\n(CVE-2004-2771, CVE-2014-7844)", "edition": 6, "reporter": "Tenable", "published": "2014-12-29T00:00:00", "title": "openSUSE Security Update : mailx (openSUSE-SU-2014:1713-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:mailx-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:mailx-debugsource", "p-cpe:/a:novell:opensuse:mailx", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-812.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80274", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-812.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80274);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n\n script_name(english:\"openSUSE Security Update : mailx (openSUSE-SU-2014:1713-1)\");\n script_summary(english:\"Check for the openSUSE-2014-812 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mailx update fixes the following security issue :\n\nbsc#909208: shell command injection via crafted email addresses\n(CVE-2004-2771, CVE-2014-7844)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00097.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailx packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mailx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mailx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mailx-12.5-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mailx-debuginfo-12.5-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mailx-debugsource-12.5-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mailx-12.5-14.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mailx-debuginfo-12.5-14.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mailx-debugsource-12.5-14.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mailx-12.5-20.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mailx-debuginfo-12.5-20.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mailx-debugsource-12.5-20.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailx / mailx-debuginfo / mailx-debugsource\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:34", "references": ["https://alas.aws.amazon.com/ALAS-2015-467.html"], "pluginID": "80418", "description": "A flaw was found in the way mailx handled the parsing of email\naddresses. A syntactically valid email address could allow a local\nattacker to cause mailx to execute arbitrary shell commands through\nshell meta-characters and the direct command execution functionality.\n(CVE-2004-2771 , CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained\nfrom untrusted sources will still remain vulnerable to other attacks\nif they accept email addresses which start with '-' (so that they can\nbe confused with mailx options). To counteract this issue, this update\nalso introduces the '--' option, which will treat the remaining\ncommand line arguments as email addresses.", "edition": 6, "reporter": "Tenable", "published": "2015-01-09T00:00:00", "title": "Amazon Linux AMI : mailx (ALAS-2015-467)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mailx-debuginfo", "p-cpe:/a:amazon:linux:mailx", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-467.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-467.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80418);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_xref(name:\"ALAS\", value:\"2015-467\");\n script_xref(name:\"RHSA\", value:\"2014:1999\");\n\n script_name(english:\"Amazon Linux AMI : mailx (ALAS-2015-467)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way mailx handled the parsing of email\naddresses. A syntactically valid email address could allow a local\nattacker to cause mailx to execute arbitrary shell commands through\nshell meta-characters and the direct command execution functionality.\n(CVE-2004-2771 , CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained\nfrom untrusted sources will still remain vulnerable to other attacks\nif they accept email addresses which start with '-' (so that they can\nbe confused with mailx options). To counteract this issue, this update\nalso introduces the '--' option, which will treat the remaining\ncommand line arguments as email addresses.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-467.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mailx' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mailx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mailx-12.4-8.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mailx-debuginfo-12.4-8.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailx / mailx-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-11-19T13:01:16", "references": ["http://www.ubuntu.com/usn/usn-2455-1/", "2455-1"], "pluginID": "1361412562310842071", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-23T00:00:00", "title": "Ubuntu Update for bsd-mailx USN-2455-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310842071", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842071", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for bsd-mailx USN-2455-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842071\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:59:19 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-7844\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for bsd-mailx USN-2455-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bsd-mailx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that bsd-mailx contained a\nfeature that allowed syntactically valid email addresses to be treated as shell\ncommands. A remote attacker could possibly use this issue with a valid email address\nto execute arbitrary commands.\n\nThis functionality has now been disabled by default, and can be re-enabled\nwith the 'expandaddr' configuration option. This update alone does not\nremove all possibilities of command execution. In environments where\nscripts use mailx to process arbitrary email addresses, it is recommended\nto modify them to use a '--' separator before the address to properly\nhandle those that begin with '-'.\");\n script_tag(name:\"affected\", value:\"bsd-mailx on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2455-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2455-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bsd-mailx\", ver:\"8.1.2-0.20131005cvs-1ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bsd-mailx\", ver:\"8.1.2-0.20131005cvs-1ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bsd-mailx\", ver:\"8.1.2-0.20111106cvs-1ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bsd-mailx\", ver:\"8.1.2-0.20090911cvs-2ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-10-02T14:31:49", "references": ["https://alas.aws.amazon.com/ALAS-2015-467.html"], "pluginID": "1361412562310120453", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2015-467", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120453", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120453", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-467.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120453\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:43 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-467\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844 )Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with - (so that they can be confused with mailx options). To counteract this issue, this update also introduces the -- option, which will treat the remaining command line arguments as email addresses.\");\n script_tag(name:\"solution\", value:\"Run yum update mailx to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-467.html\");\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"mailx\", rpm:\"mailx~12.4~8.8.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mailx-debuginfo\", rpm:\"mailx-debuginfo~12.4~8.8.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-03T10:48:52", "references": ["http://www.debian.org/security/2014/dsa-3104.html"], "pluginID": "703104", "description": "It was discovered that bsd-mailx,\nan implementation of the mail command, had an undocumented feature which treats\nsyntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the expandaddr in an\nappropriate mailrc file. This update also removes the obsolete -T option. An\nolder security vulnerability, CVE-2004-2771, had already been addressed in the\nDebian", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-16T00:00:00", "title": "Debian Security Advisory DSA 3104-1 (bsd-mailx - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2017-07-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703104", "id": "OPENVAS:703104", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3104.nasl 6759 2017-07-19 09:56:33Z teissa $\n# Auto-generated from advisory DSA 3104-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703104);\n script_version(\"$Revision: 6759 $\");\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_name(\"Debian Security Advisory DSA 3104-1 (bsd-mailx - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-19 11:56:33 +0200 (Wed, 19 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-16 00:00:00 +0100 (Tue, 16 Dec 2014)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3104.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"bsd-mailx on Debian Linux\");\n script_tag(name: \"insight\", value: \"mailx is the traditional\ncommand-line-mode mail user agent. Even if you don't use it, it may be\nrequired by other programs.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 8.1.2-0.20111106cvs-1+deb7u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that bsd-mailx,\nan implementation of the mail command, had an undocumented feature which treats\nsyntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the expandaddr in an\nappropriate mailrc file. This update also removes the obsolete -T option. An\nolder security vulnerability, CVE-2004-2771, had already been addressed in the\nDebian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for\ncommand execution, though. Scripts which send mail to addresses obtained\nfrom an untrusted source (such as a web form) should use the -- separator\nbefore the email addresses (which was fixed to work properly in this update),\nor they should be changed to invoke mail -t or sendmail -i -t instead, passing\nthe recipient addresses as part of the mail header.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bsd-mailx\", ver:\"8.1.2-0.20111106cvs-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:46", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147393.html", "2014-17277"], "pluginID": "1361412562310868798", "description": "Check the version of mailx", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-05T00:00:00", "title": "Fedora Update for mailx FEDORA-2014-17277", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310868798", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868798", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mailx FEDORA-2014-17277\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868798\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:53:30 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mailx FEDORA-2014-17277\");\n script_tag(name: \"summary\", value: \"Check the version of mailx\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mailx is an enhanced mail command, which provides the functionality\nof the POSIX mailx command, as well as SysV mail and Berkeley Mail\n(from which it is derived).\n\nAdditionally to the POSIX features, mailx can work with Maildir/ e-mail\nstorage format (as well as mailboxes), supports IMAP, POP3 and SMTP\nprotocols (including over SSL) to operate with remote hosts, handles mime\ntypes and different charsets. There are a lot of other useful features,\nsee mailx(1).\n\nAnd as its ancient analogues, mailx can be used as a mail script language,\nboth for sending and receiving mail.\n\nBesides the 'mailx' command, this package provides 'mail' and 'Mail'\n(which should be compatible with its predecessors from the mailx-8.x source),\nas well as 'nail' (the initial name of this project).\n\");\n script_tag(name: \"affected\", value: \"mailx on Fedora 19\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-17277\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147393.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mailx\", rpm:\"mailx~12.5~9.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:53", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147445.html", "2014-17243"], "pluginID": "1361412562310868698", "description": "Check the version of mailx", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-05T00:00:00", "title": "Fedora Update for mailx FEDORA-2014-17243", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310868698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868698", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mailx FEDORA-2014-17243\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868698\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:43:23 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mailx FEDORA-2014-17243\");\n script_tag(name: \"summary\", value: \"Check the version of mailx\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mailx is an enhanced mail command, which provides the functionality\nof the POSIX mailx command, as well as SysV mail and Berkeley Mail\n(from which it is derived).\n\nAdditionally to the POSIX features, mailx can work with Maildir/ e-mail\nstorage format (as well as mailboxes), supports IMAP, POP3 and SMTP\nprotocols (including over SSL) to operate with remote hosts, handles mime\ntypes and different charsets. There are a lot of other useful features,\nsee mailx(1).\n\nAnd as its ancient analogues, mailx can be used as a mail script language,\nboth for sending and receiving mail.\n\nBesides the 'mailx' command, this package provides 'mail' and 'Mail'\n(which should be compatible with its predecessors from the mailx-8.x source),\nas well as 'nail' (the initial name of this project).\n\");\n script_tag(name: \"affected\", value: \"mailx on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-17243\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147445.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"mailx\", rpm:\"mailx~12.5~14.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:10", "references": ["2014-17245", "https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147453.html"], "pluginID": "1361412562310868685", "description": "Check the version of mailx", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-05T00:00:00", "title": "Fedora Update for mailx FEDORA-2014-17245", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310868685", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868685", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mailx FEDORA-2014-17245\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868685\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:42:21 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mailx FEDORA-2014-17245\");\n script_tag(name: \"summary\", value: \"Check the version of mailx\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mailx is an enhanced mail command, which provides the functionality\nof the POSIX mailx command, as well as SysV mail and Berkeley Mail\n(from which it is derived).\n\nAdditionally to the POSIX features, mailx can work with Maildir/ e-mail\nstorage format (as well as mailboxes), supports IMAP, POP3 and SMTP\nprotocols (including over SSL) to operate with remote hosts, handles mime\ntypes and different charsets. There are a lot of other useful features,\nsee mailx(1).\n\nAnd as its ancient analogues, mailx can be used as a mail script language,\nboth for sending and receiving mail.\n\nBesides the 'mailx' command, this package provides 'mail' and 'Mail'\n(which should be compatible with its predecessors from the mailx-8.x source),\nas well as 'nail' (the initial name of this project).\n\");\n script_tag(name: \"affected\", value: \"mailx on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-17245\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147453.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mailx\", rpm:\"mailx~12.5~11.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:49", "references": ["http://www.debian.org/security/2014/dsa-3104.html"], "pluginID": "1361412562310703104", "description": "It was discovered that bsd-mailx,\nan implementation of the mail command, had an undocumented feature which treats\nsyntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the expandaddr in an\nappropriate mailrc file. This update also removes the obsolete -T option. An\nolder security vulnerability, CVE-2004-2771, had already been addressed in the\nDebian", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-16T00:00:00", "title": "Debian Security Advisory DSA 3104-1 (bsd-mailx - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703104", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703104", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3104.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3104-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703104\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_name(\"Debian Security Advisory DSA 3104-1 (bsd-mailx - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-16 00:00:00 +0100 (Tue, 16 Dec 2014)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3104.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"bsd-mailx on Debian Linux\");\n script_tag(name: \"insight\", value: \"mailx is the traditional\ncommand-line-mode mail user agent. Even if you don't use it, it may be\nrequired by other programs.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 8.1.2-0.20111106cvs-1+deb7u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that bsd-mailx,\nan implementation of the mail command, had an undocumented feature which treats\nsyntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the expandaddr in an\nappropriate mailrc file. This update also removes the obsolete -T option. An\nolder security vulnerability, CVE-2004-2771, had already been addressed in the\nDebian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for\ncommand execution, though. Scripts which send mail to addresses obtained\nfrom an untrusted source (such as a web form) should use the -- separator\nbefore the email addresses (which was fixed to work properly in this update),\nor they should be changed to invoke mail -t or sendmail -i -t instead, passing\nthe recipient addresses as part of the mail header.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bsd-mailx\", ver:\"8.1.2-0.20111106cvs-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:56", "references": ["http://www.debian.org/security/2014/dsa-3105.html"], "pluginID": "1361412562310703105", "description": "Two security vulnerabilities were\ndiscovered in Heirloom mailx, an implementation of the mail command:\n\nCVE-2004-2771\nmailx interprets interprets shell meta-characters in certain email\naddresses.\n\nCVE-2014-7844\nAn unexpected feature of mailx treats syntactically valid email\naddresses as shell commands to execute.\n\nShell command execution can be re-enabled using the expandaddr\noption.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\nmail -t or sendmail -i -t instead, passing the recipient addresses\nas part of the mail header.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-16T00:00:00", "title": "Debian Security Advisory DSA 3105-1 (heirloom-mailx - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703105", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3105.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3105-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703105\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_name(\"Debian Security Advisory DSA 3105-1 (heirloom-mailx - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-16 00:00:00 +0100 (Tue, 16 Dec 2014)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3105.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"heirloom-mailx on Debian Linux\");\n script_tag(name: \"insight\", value: \"Workalike of the classical mail(1).\nHeirloom mailx can produce and read MIME and S/MIME messages and has greatly\nimproved character-set handling, including support for UTF-8.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 12.5-2+deb7u1.\n\nWe recommend that you upgrade your heirloom-mailx packages.\");\n script_tag(name: \"summary\", value: \"Two security vulnerabilities were\ndiscovered in Heirloom mailx, an implementation of the mail command:\n\nCVE-2004-2771\nmailx interprets interprets shell meta-characters in certain email\naddresses.\n\nCVE-2014-7844\nAn unexpected feature of mailx treats syntactically valid email\naddresses as shell commands to execute.\n\nShell command execution can be re-enabled using the expandaddr\noption.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\nmail -t or sendmail -i -t instead, passing the recipient addresses\nas part of the mail header.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"heirloom-mailx\", ver:\"12.5-2+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:48:22", "references": ["http://www.debian.org/security/2014/dsa-3105.html"], "pluginID": "703105", "description": "Two security vulnerabilities were\ndiscovered in Heirloom mailx, an implementation of the mail command:\n\nCVE-2004-2771\nmailx interprets interprets shell meta-characters in certain email\naddresses.\n\nCVE-2014-7844\nAn unexpected feature of mailx treats syntactically valid email\naddresses as shell commands to execute.\n\nShell command execution can be re-enabled using the expandaddr\noption.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\nmail -t or sendmail -i -t instead, passing the recipient addresses\nas part of the mail header.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 3105-1 (heirloom-mailx - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703105", "id": "OPENVAS:703105", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3105.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 3105-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703105);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_name(\"Debian Security Advisory DSA 3105-1 (heirloom-mailx - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-16 00:00:00 +0100 (Tue, 16 Dec 2014)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3105.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"heirloom-mailx on Debian Linux\");\n script_tag(name: \"insight\", value: \"Workalike of the classical mail(1).\nHeirloom mailx can produce and read MIME and S/MIME messages and has greatly\nimproved character-set handling, including support for UTF-8.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 12.5-2+deb7u1.\n\nWe recommend that you upgrade your heirloom-mailx packages.\");\n script_tag(name: \"summary\", value: \"Two security vulnerabilities were\ndiscovered in Heirloom mailx, an implementation of the mail command:\n\nCVE-2004-2771\nmailx interprets interprets shell meta-characters in certain email\naddresses.\n\nCVE-2014-7844\nAn unexpected feature of mailx treats syntactically valid email\naddresses as shell commands to execute.\n\nShell command execution can be re-enabled using the expandaddr\noption.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\nmail -t or sendmail -i -t instead, passing the recipient addresses\nas part of the mail header.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"heirloom-mailx\", ver:\"12.5-2+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:42", "references": ["http://linux.oracle.com/errata/ELSA-2014-1999.html"], "pluginID": "1361412562310123220", "description": "Oracle Linux Local Security Checks ELSA-2014-1999", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2014-1999", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123220", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123220", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1999.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123220\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:53 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1999\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1999 - mailx security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1999\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1999.html\");\n script_cve_id(\"CVE-2004-2771\", \"CVE-2014-7844\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"mailx\", rpm:\"mailx~12.5~12.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"mailx\", rpm:\"mailx~12.4~8.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-03-29T18:20:41", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-7844"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "8.1.2-0.20131005cvs-1ubuntu0.14.04.1", "arch": "noarch", "packageName": "bsd-mailx", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "8.1.2-0.20111106cvs-1ubuntu0.1", "arch": "noarch", "packageName": "bsd-mailx", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "8.1.2-0.20090911cvs-2ubuntu1.1", "arch": "noarch", "packageName": "bsd-mailx", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "8.1.2-0.20131005cvs-1ubuntu0.14.10.1", "arch": "noarch", "packageName": "bsd-mailx", "packageFilename": "UNKNOWN", "operator": "lt"}], "description": "It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands.\n\nThis functionality has now been disabled by default, and can be re-enabled with the \u201cexpandaddr\u201d configuration option. This update alone does not remove all possibilities of command execution. In environments where scripts use mailx to process arbitrary email addresses, it is recommended to modify them to use a \u201c\u2013\u201d separator before the address to properly handle those that begin with \u201c-\u201d. In addition, specifying sendmail options after the \u201c\u2013\u201d separator is no longer supported, existing scripts may need to be modified to use the \u201c-a\u201d option instead.", "edition": 1, "reporter": "Ubuntu", "published": "2015-01-07T00:00:00", "title": "bsd-mailx vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844"], "modified": "2015-01-07T00:00:00", "href": "https://usn.ubuntu.com/2455-1/", "id": "USN-2455-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2018-10-16T22:14:03", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "12.5-2+deb7u1", "arch": "all", "packageFilename": "heirloom-mailx_12.5-2+deb7u1_all.deb", "packageName": "heirloom-mailx", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3105-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nDecember 16, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : heirloom-mailx\nCVE ID : CVE-2004-2771 CVE-2014-7844\n\nTwo security vulnerabilities were discovered in Heirloom mailx, an\nimplementation of the &quot;mail&quot; command:\n\nCVE-2004-2771\n\n mailx interprets interprets shell meta-characters in certain email\n addresses.\n\nCVE-2014-7844\n\n An unexpected feature of mailx treats syntactically valid email\n addresses as shell commands to execute.\n\nShell command execution can be re-enabled using the &quot;expandaddr&quot;\noption.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n&quot;--&quot; separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\n&quot;mail -t&quot; or &quot;sendmail -i -t&quot; instead, passing the recipient addresses\nas part of the mail header.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 12.5-2+deb7u1.\n\nWe recommend that you upgrade your heirloom-mailx packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2014-12-16T17:56:53", "title": "[SECURITY] [DSA 3105-1] heirloom-mailx security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:03", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-16T17:56:53", "id": "DEBIAN:DSA-3105-1:D6A0D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00295.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:05", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "12.4-2+deb6u1", "arch": "all", "packageFilename": "heirloom-mailx_12.4-2+deb6u1_all.deb", "packageName": "heirloom-mailx", "operator": "lt"}], "description": "Package : heirloom-mailx\nVersion : 12.4-2+deb6u1\nCVE ID : CVE-2004-2771 CVE-2014-7844\n\nTwo security vulnerabilities were discovered in Heirloom mailx, an\nimplementation of the &quot;mail&quot; command:\n\nCVE-2004-2771\n\n mailx interprets interprets shell meta-characters in certain email\n addresses.\n\nCVE-2014-7844\n\n An unexpected feature of mailx treats syntactically valid email\n addresses as shell commands to execute.\n\nShell command execution can be re-enabled using the &quot;expandaddr&quot;\noption.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n&quot;--&quot; separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\n&quot;mail -t&quot; or &quot;sendmail -i -t&quot; instead, passing the recipient addresses\nas part of the mail header.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 12.4-2+deb6u1.\n\nWe recommend that you upgrade your heirloom-mailx packages.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 1, "reporter": "Debian", "published": "2014-12-17T16:35:55", "title": "[SECURITY] [DLA 114-1] heirloom-mailx security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:05", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-17T16:35:55", "id": "DEBIAN:DLA-114-1:8CE7B", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00017.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:56", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "8.1.2-0.20111106cvs-1+deb7u1", "arch": "all", "packageFilename": "bsd-mailx_8.1.2-0.20111106cvs-1+deb7u1_all.deb", "packageName": "bsd-mailx", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3104-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nDecember 16, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bsd-mailx\nCVE ID : CVE-2014-7844\n\nIt was discovered that bsd-mailx, an implementation of the &quot;mail&quot;\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the &quot;expandaddr&quot; in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian&#x27;s bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n&quot;--&quot; separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\n&quot;mail -t&quot; or &quot;sendmail -i -t&quot; instead, passing the recipient addresses\nas part of the mail header.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 8.1.2-0.20111106cvs-1+deb7u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2014-12-16T17:56:26", "title": "[SECURITY] [DSA 3104-1] bsd-mailx security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:56", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-16T17:56:26", "id": "DEBIAN:DSA-3104-1:56047", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00294.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:19", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "8.1.2-0.20100314cvs-1+deb6u1", "arch": "all", "packageFilename": "bsd-mailx_8.1.2-0.20100314cvs-1+deb6u1_all.deb", "packageName": "bsd-mailx", "operator": "lt"}], "description": "Package : bsd-mailx\nVersion : 8.1.2-0.20100314cvs-1+deb6u1\nCVE ID : CVE-2014-7844\n\nIt was discovered that bsd-mailx, an implementation of the &quot;mail&quot;\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the &quot;expandaddr&quot; in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian&#x27;s bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n&quot;--&quot; separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\n&quot;mail -t&quot; or &quot;sendmail -i -t&quot; instead, passing the recipient addresses\nas part of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 1, "reporter": "Debian", "published": "2014-12-17T16:09:32", "title": "[SECURITY] [DLA 113-1] bsd-mailx security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:19", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-17T16:09:32", "id": "DEBIAN:DLA-113-1:43201", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00016.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:07", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "12.4-8.el6_6", "arch": "i686", "packageName": "mailx-debuginfo", "packageFilename": "mailx-debuginfo-12.4-8.el6_6.i686.rpm", "operator": "lt"}], "description": "The mailx packages contain a mail user agent that is used to manage mail\nusing scripts.\n\nA flaw was found in the way mailx handled the parsing of email addresses.\nA syntactically valid email address could allow a local attacker to cause\nmailx to execute arbitrary shell commands through shell meta-characters and\nthe direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained from\nuntrusted sources will still remain vulnerable to other attacks if they\naccept email addresses which start with \"-\" (so that they can be confused\nwith mailx options). To counteract this issue, this update also introduces\nthe \"--\" option, which will treat the remaining command line arguments as\nemail addresses.\n\nAll mailx users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "reporter": "RedHat", "published": "2014-12-16T05:00:00", "type": "redhat", "title": "(RHSA-2014:1999) Moderate: mailx security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-2771", "CVE-2014-7844"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:24", "id": "RHSA-2014:1999", "href": "https://access.redhat.com/errata/RHSA-2014:1999", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:43", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "12.5", "arch": "x86_64", "packageFilename": "mailx-12.5-x86_64-1_slack13.37.txz", "packageName": "mailx", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "12.5", "arch": "x86_64", "packageFilename": "mailx-12.5-x86_64-2_slack14.0.txz", "packageName": "mailx", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "12.5", "arch": "i486", "packageFilename": "mailx-12.5-i486-1_slack13.0.txz", "packageName": "mailx", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "12.5", "arch": "x86_64", "packageFilename": "mailx-12.5-x86_64-2_slack14.1.txz", "packageName": "mailx", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "12.5", "arch": "i486", "packageFilename": "mailx-12.5-i486-1_slack13.1.txz", "packageName": "mailx", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "12.5", "arch": "x86_64", "packageFilename": "mailx-12.5-x86_64-1_slack13.0.txz", "packageName": "mailx", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "12.5", "arch": "i486", "packageFilename": "mailx-12.5-i486-2_slack14.0.txz", "packageName": "mailx", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "12.5", "arch": "i486", "packageFilename": "mailx-12.5-i486-1_slack13.37.txz", "packageName": "mailx", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "12.5", "arch": "i486", "packageFilename": "mailx-12.5-i486-2_slack14.1.txz", "packageName": "mailx", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "12.5", "arch": "x86_64", "packageFilename": "mailx-12.5-x86_64-1_slack13.1.txz", "packageName": "mailx", "operator": "lt"}], "description": "New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/mailx-12.5-i486-2_slack14.1.txz: Rebuilt.\n Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues\n that could allow a local attacker to cause mailx to execute arbitrary\n shell commands through the use of a specially-crafted email address.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mailx-12.5-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mailx-12.5-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mailx-12.5-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mailx-12.5-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mailx-12.5-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mailx-12.5-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mailx-12.5-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mailx-12.5-x86_64-2_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mailx-12.5-i486-2_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mailx-12.5-x86_64-2_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mailx-12.5-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/mailx-12.5-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n38ee95ec8ed3dfdaf2f736e3e0e3fc39 mailx-12.5-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n1df63fd2f328a10beca73a155b79ff3c mailx-12.5-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n7ed6abe0adf99fe6cc2a820ca7b4086d mailx-12.5-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n991ac2b0121330bdb3ecd1f32f62d53c mailx-12.5-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5f8ddb457a40ebbb5ea83b086c2ca964 mailx-12.5-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n9898bb8aa35e1c7ea21898aafe2de0e6 mailx-12.5-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n8a52d8cf54387eb6de3a00a90334694b mailx-12.5-i486-2_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nabe166a6d5e80195f6a07213ad0f89c9 mailx-12.5-x86_64-2_slack14.0.txz\n\nSlackware 14.1 package:\n39496e377649bc8c5ed75c15dc9d2505 mailx-12.5-i486-2_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ncded8a78db70f0e5208475c988b4facb mailx-12.5-x86_64-2_slack14.1.txz\n\nSlackware -current package:\n2c416a0e6e988dac27b99bb5eda67224 n/mailx-12.5-i586-2.txz\n\nSlackware x86_64 -current package:\n237538b03e07025f97eb21708fda82bc n/mailx-12.5-x86_64-2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mailx-12.5-i486-2_slack14.1.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2016-03-02T22:56:13", "title": "mailx", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2016-03-02T22:56:13", "id": "SSA-2016-062-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.510514", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3104-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nDecember 16, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : bsd-mailx\r\nCVE ID : CVE-2014-7844\r\n\r\nIt was discovered that bsd-mailx, an implementation of the &quot;mail&quot;\r\ncommand, had an undocumented feature which treats syntactically valid\r\nemail addresses as shell commands to execute.\r\n\r\nUsers who need this feature can re-enable it using the &quot;expandaddr&quot; in\r\nan appropriate mailrc file. This update also removes the obsolete -T\r\noption. An older security vulnerability, CVE-2004-2771, had already\r\nbeen addressed in the Debian&#39;s bsd-mailx package.\r\n\r\nNote that this security update does not remove all mailx facilities\r\nfor command execution, though. Scripts which send mail to addresses\r\nobtained from an untrusted source &#40;such as a web form&#41; should use the\r\n&quot;--&quot; separator before the email addresses &#40;which was fixed to work\r\nproperly in this update&#41;, or they should be changed to invoke\r\n&quot;mail -t&quot; or &quot;sendmail -i -t&quot; instead, passing the recipient addresses\r\nas part of the mail header.\r\n\r\nFor the stable distribution &#40;wheezy&#41;, this problem has been fixed in\r\nversion 8.1.2-0.20111106cvs-1+deb7u1.\r\n\r\nWe recommend that you upgrade your bsd-mailx packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niQEcBAEBAgAGBQJUkHo/AAoJEL97/wQC1SS+iy8H/0GoPvWfS6EJ+7raoCyZBZqi\r\nRKhs0SsZ9dAGR+fp+LIJAQY5Xk+5MDJT5kS4dvgo3dbe1BuaGQaYlcs/1KwBD/ai\r\nBgMO4n/061BD/Cg5kfiUvF8ZvLYLgcr/EJ+B9ZQWxzqk1FzWcT9WdOAJfkMr3dDT\r\nwBR4LTV/CnPKvDbaywnWwvbR48i7LeE+W4ajO6IR4W7UWxBqYwJVyC1DZnMQYdiF\r\nqBGqgFpmTWtcTSZLHi+c8iQN8gs6iEG/yggUTjLJUe1bGxl+oRrXEnvyuvKmK6YS\r\n0mZPImlkyTpj+bMhp+MmShqBAGYO3XpkZAfxmlDqKkzBHeOQjzxMIJ/5glmNYPY=\r\n=2oBZ\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-12-22T00:00:00", "title": "[SECURITY] [DSA 3104-1] bsd-mailx security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:56", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31525", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31525", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:56", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3105-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nDecember 16, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : heirloom-mailx\r\nCVE ID : CVE-2004-2771 CVE-2014-7844\r\n\r\nTwo security vulnerabilities were discovered in Heirloom mailx, an\r\nimplementation of the &quot;mail&quot; command:\r\n\r\nCVE-2004-2771\r\n\r\n mailx interprets interprets shell meta-characters in certain email\r\n addresses.\r\n\r\nCVE-2014-7844\r\n\r\n An unexpected feature of mailx treats syntactically valid email\r\n addresses as shell commands to execute.\r\n\r\nShell command execution can be re-enabled using the &quot;expandaddr&quot;\r\noption.\r\n\r\nNote that this security update does not remove all mailx facilities\r\nfor command execution, though. Scripts which send mail to addresses\r\nobtained from an untrusted source &#40;such as a web form&#41; should use the\r\n&quot;--&quot; separator before the email addresses &#40;which was fixed to work\r\nproperly in this update&#41;, or they should be changed to invoke\r\n&quot;mail -t&quot; or &quot;sendmail -i -t&quot; instead, passing the recipient addresses\r\nas part of the mail header.\r\n\r\nFor the stable distribution &#40;wheezy&#41;, these problems have been fixed in\r\nversion 12.5-2+deb7u1.\r\n\r\nWe recommend that you upgrade your heirloom-mailx packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niQEcBAEBAgAGBQJUkHozAAoJEL97/wQC1SS++tsIAIyvLPRuuB864e+9/vBNrn8P\r\nr0MmgGT/8FZgbuiDaqe6PUkv7mR2wPpx3k4kPXq4vcGB00OvCULBabHlc+SqWtZo\r\n535u5V0g4hoAeKUOD9BnMIgGFxoFx/wcmrDZbWxUHgHJSdmxrieix0z/uD5VniGe\r\njHZUkFAHE86pXzrrVHoYrFzSkU2N5h/ifkZED32dbYCMTTyKuSF97dK8oTyalvo+\r\n/Al27mV6idY6q8rYZZvATm1TVSO8MjjqJmCC3y2EJP8MLTrvEi59iTAFLlHB/3s1\r\nsGq5f+dGPmOsAFGtHZewGA+dpxEL/CqBMwpww1zMBiCoEIp7Vdv4OkZiAi+EfVo=\r\n=qgAH\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-12-22T00:00:00", "title": "[SECURITY] [DSA 3105-1] heirloom-mailx security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:56", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31524", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31524", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31525", "https://vulners.com/securityvulns/securityvulns:doc:31524"], "description": "Shell characters injection.", "edition": 1, "reporter": "BUGTRAQ", "published": "2014-12-22T00:00:00", "title": "Different mailx versions security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:58", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:VULN:14160", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14160", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:01", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32391", "https://vulners.com/securityvulns/securityvulns:doc:32390"], "description": "Over 150 different vulnerabilities in system components and libraries.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-08-17T00:00:00", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:01", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "MacOS X", "version": "10.10", "operator": "eq"}, {"name": "MacOS X Server", "version": "4.1", "operator": "eq"}], "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-5477", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "references": [], "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP&#39;s Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device&#39;s Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai &#40;Tsinghua University&#41;, System Security\r\nLab &#40;Indiana University&#41;, Tongxin Li &#40;Peking University&#41;, XiaoFeng\r\nWang &#40;Indiana University&#41;\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued&#39;s\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O&#39;Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford &#40;on the EPSRC Being There project&#41;\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team &#40;www.safeye.org&#41;\r\n\r\nDate &amp; Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users&#39; Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO&#39;s handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework&#39;s &#39;runner&#39;\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework&#39;s &#39;runner&#39; binary that resulted in\r\nprivileges being incorrectly dropped. This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n&#40;@jollyjinx&#41; of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit&#39;s handling\r\nof Collada files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple&#39;s Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-08-17T00:00:00", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:00", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:10", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1999.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "12.4-8.8.amzn1", "arch": "x86_64", "packageFilename": "mailx-12.4-8.8.amzn1.x86_64.rpm", "packageName": "mailx", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "12.4-8.8.amzn1", "arch": "i686", "packageFilename": "mailx-debuginfo-12.4-8.8.amzn1.i686.rpm", "packageName": "mailx-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "12.4-8.8.amzn1", "arch": "x86_64", "packageFilename": "mailx-debuginfo-12.4-8.8.amzn1.x86_64.rpm", "packageName": "mailx-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "12.4-8.8.amzn1", "arch": "src", "packageFilename": "mailx-12.4-8.8.amzn1.src.rpm", "packageName": "mailx", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "12.4-8.8.amzn1", "arch": "i686", "packageFilename": "mailx-12.4-8.8.amzn1.i686.rpm", "packageName": "mailx", "operator": "lt"}], "description": "**Issue Overview:**\n\nA flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. ([CVE-2004-2771 __](<https://access.redhat.com/security/cve/CVE-2004-2771>), [CVE-2014-7844 __](<https://access.redhat.com/security/cve/CVE-2014-7844>))\n\nNote: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with \"-\" (so that they can be confused with mailx options). To counteract this issue, this update also introduces the \"--\" option, which will treat the remaining command line arguments as email addresses.\n\n \n**Affected Packages:** \n\n\nmailx\n\n \n**Issue Correction:** \nRun _yum update mailx_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mailx-12.4-8.8.amzn1.i686 \n mailx-debuginfo-12.4-8.8.amzn1.i686 \n \n src: \n mailx-12.4-8.8.amzn1.src \n \n x86_64: \n mailx-debuginfo-12.4-8.8.amzn1.x86_64 \n mailx-12.4-8.8.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-01-08T11:44:00", "title": "Medium: mailx", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:10", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2015-01-08T11:44:00", "id": "ALAS-2015-467", "href": "https://alas.aws.amazon.com/ALAS-2015-467.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:31", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1999.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "12.4-8.el6_6", "packageFilename": "mailx-12.4-8.el6_6.x86_64.rpm", "packageName": "mailx", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "12.5-12.el7_0", "packageFilename": "mailx-12.5-12.el7_0.src.rpm", "packageName": "mailx", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "12.4-8.el6_6", "packageFilename": "mailx-12.4-8.el6_6.i686.rpm", "packageName": "mailx", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "12.4-8.el6_6", "packageFilename": "mailx-12.4-8.el6_6.src.rpm", "packageName": "mailx", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "12.5-12.el7_0", "packageFilename": "mailx-12.5-12.el7_0.x86_64.rpm", "packageName": "mailx", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1999\n\n\nThe mailx packages contain a mail user agent that is used to manage mail\nusing scripts.\n\nA flaw was found in the way mailx handled the parsing of email addresses.\nA syntactically valid email address could allow a local attacker to cause\nmailx to execute arbitrary shell commands through shell meta-characters and\nthe direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained from\nuntrusted sources will still remain vulnerable to other attacks if they\naccept email addresses which start with \"-\" (so that they can be confused\nwith mailx options). To counteract this issue, this update also introduces\nthe \"--\" option, which will treat the remaining command line arguments as\nemail addresses.\n\nAll mailx users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020836.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020837.html\n\n**Affected packages:**\nmailx\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1999.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-12-16T20:39:59", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "mailx security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-16T20:46:34", "href": "http://lists.centos.org/pipermail/centos-announce/2014-December/020836.html", "id": "CESA-2014:1999", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2018-04-09T03:17:51", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=533208", "https://nvd.nist.gov/vuln/detail/CVE-2004-2771", "https://nvd.nist.gov/vuln/detail/CVE-2014-7844"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "8.1.2.20160123", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "mail-client/mailx", "operator": "lt"}], "description": "### Background\n\nA utility program for sending and receiving mail, also known as a Mail User Agent program. \n\n### Description\n\nMultiple vulnerabilities have been discovered in mailx. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could execute arbitrary commands.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll mailx users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/mailx-8.1.2.20160123\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2018-04-08T00:00:00", "type": "gentoo", "title": "mailx: Multiple vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2018-04-08T00:00:00", "href": "https://security.gentoo.org/glsa/201804-06", "id": "GLSA-201804-06", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:29", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "12.4-8.el6_6", "arch": "src", "packageFilename": "mailx-12.4-8.el6_6.src.rpm", "packageName": "mailx", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "12.4-8.el6_6", "arch": "src", "packageFilename": "mailx-12.4-8.el6_6.src.rpm", "packageName": "mailx", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "12.5-12.el7_0", "arch": "x86_64", "packageFilename": "mailx-12.5-12.el7_0.x86_64.rpm", "packageName": "mailx", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "12.4-8.el6_6", "arch": "x86_64", "packageFilename": "mailx-12.4-8.el6_6.x86_64.rpm", "packageName": "mailx", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "12.4-8.el6_6", "arch": "i686", "packageFilename": "mailx-12.4-8.el6_6.i686.rpm", "packageName": "mailx", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "12.5-12.el7_0", "arch": "src", "packageFilename": "mailx-12.5-12.el7_0.src.rpm", "packageName": "mailx", "operator": "lt"}], "description": "[12.4-8]\n- CVE-2004-2771 mailx: command execution flaw\n resolves: #1171175", "edition": 3, "reporter": "Oracle", "published": "2014-12-16T00:00:00", "title": "mailx security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "modified": "2014-12-16T00:00:00", "id": "ELSA-2014-1999", "href": "http://linux.oracle.com/errata/ELSA-2014-1999.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}