ID DEBIAN_DLA-113.NASL Type nessus Reporter Tenable Modified 2016-05-05T00:00:00
Description
It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.
Users who need this feature can re-enable it by setting the 'expandaddr' option in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, CVE-2004-2771, had already been addressed in Debian's bsd-mailx package.
Note that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the '--' separator before the email addresses (which was fixed to work properly in this update), so that an address beginning with '-' is not parsed as a mailx option, or they should be changed to invoke 'mail -t' or 'sendmail -i -t' instead, passing the recipient addresses as part of the mail header.
For the oldstable distribution (squeeze), this problem has been fixed in version 8.1.2-0.20100314cvs-1+deb6u1.
We recommend that you upgrade your bsd-mailx packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-113-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include("compat.inc");
# Metadata registration. This branch runs only when `description` is set and
# ends with exit(0), so none of the package-check logic after it executes here.
#
# NOTE(review): per the advisory text below, the fixed package only turns the
# address-expansion feature off by default. A host can carry the fixed package
# and still be exposed if 'expandaddr' was re-enabled in a mailrc file, or if
# scripts pass untrusted recipient addresses to mail without the '--'
# separator. Nothing in this block registers a check for either condition.
if (description)
{
# Plugin identity and revision stamps.
script_id(82097);
script_version("$Revision: 1.4 $");
script_cvs_date("$Date: 2016/05/05 14:49:54 $");
# Cross-references to the vulnerability in external databases.
script_cve_id("CVE-2014-7844");
script_bugtraq_id(71701);
script_osvdb_id(115954);
script_name(english:"Debian DLA-113-1 : bsd-mailx security update");
script_summary(english:"Checks dpkg output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
# Advisory text copied from DLA-113-1. It is a runtime string shown in scan
# results, so it is kept exactly as extracted.
script_set_attribute(
attribute:"description",
value:
"It was discovered that bsd-mailx, an implementation of the 'mail'
command, had an undocumented feature which treats syntactically valid
email addresses as shell commands to execute.
Users who need this feature can re-enable it using the 'expandaddr' in
an appropriate mailrc file. This update also removes the obsolete -T
option. An older security vulnerability, CVE-2004-2771, had already
been addressed in the Debian's bsd-mailx package.
Note that this security update does not remove all mailx facilities
for command execution, though. Scripts which send mail to addresses
obtained from an untrusted source (such as a web form) should use the
'--' separator before the email addresses (which was fixed to work
properly in this update), or they should be changed to invoke 'mail
-t' or 'sendmail -i -t' instead, passing the recipient addresses as
part of the mail header.
For the oldstable distribution (squeeze), this problem has been fixed
in version 8.1.2-0.20100314cvs-1+deb6u1.
We recommend that you upgrade your bsd-mailx packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
# Two see_also entries: the debian-lts-announce post and the source package page.
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/squeeze-lts/bsd-mailx"
);
script_set_attribute(
attribute:"solution",
value:"Upgrade the affected bsd-mailx package."
);
# CVSS v2 base vector: network access vector, low complexity, no
# authentication, partial impact on confidentiality, integrity and availability.
# NOTE(review): the advisory text describes exposure through scripts that hand
# untrusted addresses to mail; whether a given host is reachable that way
# depends on what invokes mailx there -- confirm before prioritising.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
# Temporal vector: exploitability unproven (E:U), remediation level not
# defined (RL:ND), report confidence uncorroborated (RC:UR).
script_set_cvss_temporal_vector("CVSS2#E:U/RL:ND/RC:UR");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type: the summary above says the check reads dpkg output.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE entries for the package and for the Debian 6.0 platform.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bsd-mailx");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
script_set_attribute(attribute:"patch_publication_date", value:"2014/12/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
# Declares ssh_get_info.nasl as a dependency and names the three KB keys this
# plugin requires; presumably that dependency is what populates them -- verify.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
# Stop here: in description mode only the metadata above is wanted.
exit(0);
}
include("audit.inc");
include("debian_package.inc");
# Preconditions: each KB item must be present, otherwise audit() is called
# with the matching reason (local checks disabled, host not Debian, or no
# dpkg package list collected).
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Single package test for Debian 6.0 against the fixed bsd-mailx version.
# deb_check() is defined in debian_package.inc (not shown here); presumably it
# is truthy when the installed package is older than `reference` -- verify.
# NOTE(review): this is a package-version test only. It does not look at
# mailrc files for a re-enabled 'expandaddr' setting, nor at scripts that pass
# untrusted addresses to mail without '--'; a host reported as not affected
# can still need those reviewed separately.
missing_update = FALSE;
if (deb_check(release:"6.0", prefix:"bsd-mailx", reference:"8.1.2-0.20100314cvs-1+deb6u1"))
{
  missing_update = TRUE;
}

if (!missing_update)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Attach the package report text only when report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:deb_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
{"hash": "da428f7541a691ea5ea295baf93a3b1805b46cf020b0dc678a82e9bfce586780", "naslFamily": "Debian Local Security Checks", "id": "DEBIAN_DLA-113.NASL", "lastseen": "2017-10-29T13:39:03", "viewCount": 0, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "4c7ee1a33cd775c164d8c9543cb56ca9", "key": "cpe"}, {"hash": "99e011d31fda89d981a9cd07dd5c1a86", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "61cccd4a1abd857b5fbcb5b7624513ee", "key": "description"}, {"hash": "acb547b7a5ee3cc7f2e171e1c9d061ce", "key": "href"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "3615a4e88c023716d77ebb2d29acac8a", "key": "pluginID"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "ce11636a30ff3e746f12eebffa646f57", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7fd9536ecee3570fb9fcf1a207863f2f", "key": "sourceData"}, {"hash": "2d058cfffc7e5cdda9e72dfc6fdbc7f4", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:bsd-mailx"], "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"vulnersScore": 7.5}, "type": "nessus", "description": "It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, CVE-2004-2771, had already been addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for command execution, though. 
Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the '--' separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as part of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "title": "Debian DLA-113-1 : bsd-mailx security update", "history": [{"bulletin": {"hash": "6038bcc792715055453aef565f858aa6fa38cbc552656bf6748b15049cf6d5cd", "naslFamily": "Debian Local Security Checks", "edition": 1, "lastseen": "2016-09-26T17:24:52", "enchantments": {}, "hashmap": [{"hash": "61cccd4a1abd857b5fbcb5b7624513ee", "key": "description"}, {"hash": "ce11636a30ff3e746f12eebffa646f57", "key": "references"}, {"hash": "acb547b7a5ee3cc7f2e171e1c9d061ce", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "99e011d31fda89d981a9cd07dd5c1a86", "key": "cvelist"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": "3615a4e88c023716d77ebb2d29acac8a", "key": "pluginID"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "2d058cfffc7e5cdda9e72dfc6fdbc7f4", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "7fd9536ecee3570fb9fcf1a207863f2f", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": 
"naslFamily"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "DEBIAN_DLA-113.NASL", "type": "nessus", "description": "It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, CVE-2004-2771, had already been addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the '--' separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as part of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "viewCount": 0, "title": "Debian DLA-113-1 : bsd-mailx security update", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.2", "cvelist": ["CVE-2014-7844"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-113-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82097);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/05 14:49:54 $\");\n\n script_cve_id(\"CVE-2014-7844\");\n script_bugtraq_id(71701);\n script_osvdb_id(115954);\n\n script_name(english:\"Debian DLA-113-1 : bsd-mailx security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n'--' separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as\npart of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/bsd-mailx\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected bsd-mailx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:ND/RC:UR\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsd-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bsd-mailx\", 
reference:\"8.1.2-0.20100314cvs-1+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "published": "2015-03-26T00:00:00", "pluginID": "82097", "references": ["https://packages.debian.org/source/squeeze-lts/bsd-mailx", "https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html"], "reporter": "Tenable", "modified": "2016-05-05T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82097"}, "lastseen": "2016-09-26T17:24:52", "edition": 1, "differentElements": ["cpe"]}], "objectVersion": "1.3", "cvelist": ["CVE-2014-7844"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-113-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82097);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/05 14:49:54 $\");\n\n script_cve_id(\"CVE-2014-7844\");\n script_bugtraq_id(71701);\n script_osvdb_id(115954);\n\n script_name(english:\"Debian DLA-113-1 : bsd-mailx security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bsd-mailx, an implementation of the 'mail'\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in\nan appropriate mailrc file. This update also removes the obsolete -T\noption. 
An older security vulnerability, CVE-2004-2771, had already\nbeen addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n'--' separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke 'mail\n-t' or 'sendmail -i -t' instead, passing the recipient addresses as\npart of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/bsd-mailx\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected bsd-mailx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:ND/RC:UR\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsd-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bsd-mailx\", reference:\"8.1.2-0.20100314cvs-1+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "published": "2015-03-26T00:00:00", "pluginID": "82097", "references": ["https://packages.debian.org/source/squeeze-lts/bsd-mailx", "https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html"], "reporter": "Tenable", "modified": "2016-05-05T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82097"}
{"result": {"f5": [{"id": "SOL16945", "type": "f5", "title": "SOL16945 - Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844", "description": " * [CVE-2014-7844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844>)\n\nThe expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address.\n\n * [CVE-2004-2771](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771>)\n\nA flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844).\n", "published": "2015-07-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16945.html", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2016-09-26T17:23:01"}, {"id": "F5:K16945", "type": "f5", "title": "Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844", "description": "\nF5 Product Development has assigned IDs 529393 and 529394 (BIG-IP and BIG-IQ), and 529486 and 529490 (EM) to these vulnerabilities, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16945 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0* \n11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| 12.1.0| Low| mailx \nBIG-IP AAM| 12.0.0* \n11.4.0 - 11.6.1*| 12.1.0| Low| mailx \nBIG-IP AFM| 12.0.0* \n11.3.0 - 11.6.1*| 12.1.0| Low| mailx \nBIG-IP Analytics| 12.0.0* \n11.0.0 - 11.6.1*| 12.1.0| Low| mailx \nBIG-IP APM| 12.0.0* \n11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| 12.1.0| Low| mailx \nBIG-IP ASM| 12.0.0* \n11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| 12.1.0| Low| mailx \nBIG-IP DNS| 12.0.0*| 12.1.0| Low| mailx \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| mailx \nBIG-IP GTM| 11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| None| Low| mailx \nBIG-IP Link Controller| 12.0.0* \n11.0.0 - 11.6.1* \n10.1.0 - 10.2.4*| 12.1.0| Low| mailx \nBIG-IP PEM| 12.0.0* \n11.3.0 - 11.6.1*| 12.1.0| Low| mailx \nBIG-IP PSM| 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4*| None| Low| mailx \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| mailx \nBIG-IP WOM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| mailx \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1* \n2.1.0 - 2.3.0*| None| Low| mailx \nFirePass| None| 7.0.0 \n6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0*| None| Low| mailx \nBIG-IQ Device| 4.2.0 - 4.5.0*| None| Low| mailx \nBIG-IQ Security| 4.0.0 - 4.5.0*| None| Low| mailx \nBIG-IQ ADC| 4.5.0*| None| Low| mailx \nLineRate| None| 2.5.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not 
vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None \nBIG-IP Edge Clients for Android| None| 2.0.0 - 2.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Apple iOS| None| 2.0.0 - 2.0.4 \n1.0.5 - 1.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Linux| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for MAC OS X| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for Windows| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients Windows Phone 8.1| None| 1.0.0.x| Not vulnerable| None \nBIG-IP Edge Portal for Android| None| 1.0.0 - 1.0.2| Not vulnerable| None \nBIG-IP Edge Portal for Apple iOS| None| 1.0.0 - 1.0.3| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n**Important**: * Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should avoid using the local **mailx **utility on the vulnerable system, if feasible. 
Additionally, you should only permit access to the system over a secure network, and limit login access to trusted users. For more information about securing access to the system, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13902>)\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "published": "2015-07-11T02:50:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K16945", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-06-08T00:16:10"}], "nessus": [{"id": "UBUNTU_USN-2455-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : bsd-mailx vulnerability (USN-2455-1)", "description": "It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands.\n\nThis functionality has now been disabled by default, and can be re-enabled with the 'expandaddr' configuration option. This update alone does not remove all possibilities of command execution. In environments where scripts use mailx to process arbitrary email addresses, it is recommended to modify them to use a '--' separator before the address to properly handle those that begin with '-'.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-01-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80413", "cvelist": ["CVE-2014-7844"], "lastseen": "2017-10-29T13:42:27"}, {"id": "DEBIAN_DSA-3104.NASL", "type": "nessus", "title": "Debian DSA-3104-1 : bsd-mailx - security update", "description": "It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also removes the obsolete-T option. An older security vulnerability, CVE-2004-2771, had already been addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the-- separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invokemail -t or sendmail -i -t instead, passing the recipient addresses as part of the mail header.", "published": "2014-12-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80057", "cvelist": ["CVE-2014-7844"], "lastseen": "2017-10-29T13:43:33"}, {"id": "REDHAT-RHSA-2014-1999.NASL", "type": "nessus", "title": "RHEL 6 / 7 : mailx (RHSA-2014:1999)", "description": "Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe mailx packages contain a mail user agent that is used to manage mail using scripts.\n\nA flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality.\n(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with '-' (so that they can be confused with mailx options). To counteract this issue, this update also introduces the '--' option, which will treat the remaining command line arguments as email addresses.\n\nAll mailx users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2014-12-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80074", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-10-29T13:41:13"}, {"id": "ORACLELINUX_ELSA-2014-1999.NASL", "type": "nessus", "title": "Oracle Linux 6 / 7 : mailx (ELSA-2014-1999)", "description": "From Red Hat Security Advisory 2014:1999 :\n\nUpdated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe mailx packages contain a mail user agent that is used to manage mail using scripts.\n\nA flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality.\n(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with '-' (so that they can be confused with mailx options). To counteract this issue, this update also introduces the '--' option, which will treat the remaining command line arguments as email addresses.\n\nAll mailx users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2014-12-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80071", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-10-29T13:37:39"}, {"id": "SLACKWARE_SSA_2016-062-01.NASL", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : mailx (SSA:2016-062-01)", "description": "New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "published": "2016-03-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=89084", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-10-29T13:37:56"}, {"id": "F5_BIGIP_SOL16945.NASL", "type": "nessus", 
"title": "F5 Networks BIG-IP : Mailx vulnerabilities (K16945)", "description": "CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address.\n\nCVE-2004-2771 A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844).\n\nImpact\n\nA local attacker can cause mailx to execute arbitrary shell commands through shell meta-characters. These attacks require a trusted user with shell access to the system in question.", "published": "2017-04-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=99238", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-10-29T13:39:13"}, {"id": "OPENSUSE-2014-812.NASL", "type": "nessus", "title": "openSUSE Security Update : mailx (openSUSE-SU-2014:1713-1)", "description": "This mailx update fixes the following security issue :\n\nbsc#909208: shell command injection via crafted email addresses (CVE-2004-2771, CVE-2014-7844)", "published": "2014-12-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80274", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-10-29T13:33:59"}, {"id": "ALA_ALAS-2015-467.NASL", "type": "nessus", "title": "Amazon Linux AMI : mailx (ALAS-2015-467)", "description": "A flaw was found in the way mailx handled the parsing of email addresses. 
A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality.\n(CVE-2004-2771 , CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with '-' (so that they can be confused with mailx options). To counteract this issue, this update also introduces the '--' option, which will treat the remaining command line arguments as email addresses.", "published": "2015-01-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80418", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2018-04-19T07:57:21"}, {"id": "CENTOS_RHSA-2014-1999.NASL", "type": "nessus", "title": "CentOS 6 / 7 : mailx (CESA-2014:1999)", "description": "Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe mailx packages contain a mail user agent that is used to manage mail using scripts.\n\nA flaw was found in the way mailx handled the parsing of email addresses. 
A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality.\n(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with '-' (so that they can be confused with mailx options). To counteract this issue, this update also introduces the '--' option, which will treat the remaining command line arguments as email addresses.\n\nAll mailx users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2014-12-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80056", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-10-29T13:36:32"}, {"id": "SUSE_11_MAILX-141215.NASL", "type": "nessus", "title": "SuSE 11.3 Security Update : mailx (SAT Patch Number 10096)", "description": "This mailx update fixes the following security issues :\n\n - Shell command injection via crafted email addresses.\n (CVE-2004-2771 / CVE-2014-7844). 
(bnc#909208)", "published": "2014-12-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80251", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-10-29T13:41:25"}], "debian": [{"id": "DLA-113", "type": "debian", "title": "bsd-mailx -- LTS security update", "description": "It was discovered that bsd-mailx, an implementation of the mail command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the expandaddr in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, [CVE-2004-2771](<https://security-tracker.debian.org/tracker/CVE-2004-2771>), had already been addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for command execution, though. 
Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the \"--\" separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke \"mail -t\" or \"sendmail -i -t\" instead, passing the recipient addresses as part of the mail header.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 8.1.2-0.20100314cvs-1+deb6u1.\n\nWe recommend that you upgrade your bsd-mailx packages.", "published": "2014-12-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://www.debian.org/security/2014/dla-113", "cvelist": ["CVE-2014-7844"], "lastseen": "2016-09-02T12:56:32"}, {"id": "DSA-3104", "type": "debian", "title": "bsd-mailx -- security update", "description": "It was discovered that bsd-mailx, an implementation of the mail command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the expandaddr in an appropriate mailrc file. This update also removes the obsolete `-T` option. An older security vulnerability, [CVE-2004-2771](<https://security-tracker.debian.org/tracker/CVE-2004-2771>), had already been addressed in the Debian's bsd-mailx package.\n\nNote that this security update does not remove all mailx facilities for command execution, though. 
Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the `--` separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke `mail -t` or `sendmail -i -t` instead, passing the recipient addresses as part of the mail header.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 8.1.2-0.20111106cvs-1+deb7u1.\n\nWe recommend that you upgrade your bsd-mailx packages.", "published": "2014-12-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://www.debian.org/security/dsa-3104", "cvelist": ["CVE-2014-7844"], "lastseen": "2016-09-02T18:21:09"}, {"id": "DSA-3105", "type": "debian", "title": "heirloom-mailx -- security update", "description": "Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the mail command:\n\n * [CVE-2004-2771](<https://security-tracker.debian.org/tracker/CVE-2004-2771>)\n\nmailx interprets shell meta-characters in certain email addresses.\n\n * [CVE-2014-7844](<https://security-tracker.debian.org/tracker/CVE-2014-7844>)\n\nAn unexpected feature of mailx treats syntactically valid email addresses as shell commands to execute.\n\nShell command execution can be re-enabled using the expandaddr option.\n\nNote that this security update does not remove all mailx facilities for command execution, though. 
Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the `--` separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke `mail -t` or `sendmail -i -t` instead, passing the recipient addresses as part of the mail header.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 12.5-2+deb7u1.\n\nWe recommend that you upgrade your heirloom-mailx packages.", "published": "2014-12-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3105", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2016-09-02T18:33:54"}, {"id": "DLA-114", "type": "debian", "title": "heirloom-mailx -- LTS security update", "description": "Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the mail command:\n\n * [CVE-2004-2771](<https://security-tracker.debian.org/tracker/CVE-2004-2771>)\n\nmailx interprets shell meta-characters in certain email addresses.\n\n * [CVE-2014-7844](<https://security-tracker.debian.org/tracker/CVE-2014-7844>)\n\nAn unexpected feature of mailx treats syntactically valid email addresses as shell commands to execute.\n\nShell command execution can be re-enabled using the expandaddr option.\n\nNote that this security update does not remove all mailx facilities for command execution, though. 
Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the \"--\" separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke \"mail -t\" or \"sendmail -i -t\" instead, passing the recipient addresses as part of the mail header.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 12.4-2+deb6u1.\n\nWe recommend that you upgrade your heirloom-mailx packages.", "published": "2014-12-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/2014/dla-114", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2016-09-02T12:57:01"}], "openvas": [{"id": "OPENVAS:1361412562310842071", "type": "openvas", "title": "Ubuntu Update for bsd-mailx USN-2455-1", "description": "Check the version of bsd-mailx", "published": "2015-01-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842071", "cvelist": ["CVE-2014-7844"], "lastseen": "2017-12-04T11:23:55"}, {"id": "OPENVAS:703104", "type": "openvas", "title": "Debian Security Advisory DSA 3104-1 (bsd-mailx - security update)", "description": "It was discovered that bsd-mailx,\nan implementation of the mail command, had an undocumented feature which treats\nsyntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the expandaddr in an\nappropriate mailrc file. This update also removes the obsolete -T option. 
An\nolder security vulnerability, CVE-2004-2771, had already been addressed in the\nDebian", "published": "2014-12-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703104", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-08-03T10:48:52"}, {"id": "OPENVAS:1361412562310120453", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2015-467", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120453", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-07-24T12:52:42"}, {"id": "OPENVAS:1361412562310868798", "type": "openvas", "title": "Fedora Update for mailx FEDORA-2014-17277", "description": "Check the version of mailx", "published": "2015-01-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868798", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-07-25T10:52:55"}, {"id": "OPENVAS:1361412562310868685", "type": "openvas", "title": "Fedora Update for mailx FEDORA-2014-17245", "description": "Check the version of mailx", "published": "2015-01-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868685", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-07-25T10:53:20"}, {"id": "OPENVAS:1361412562310868698", "type": "openvas", "title": "Fedora Update for mailx FEDORA-2014-17243", "description": "Check the version of mailx", "published": "2015-01-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310868698", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-07-25T10:53:40"}, {"id": "OPENVAS:1361412562310123220", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1999", "description": "Oracle Linux Local Security Checks ELSA-2014-1999", "published": "2015-10-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123220", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-07-24T12:53:22"}, {"id": "OPENVAS:703105", "type": "openvas", "title": "Debian Security Advisory DSA 3105-1 (heirloom-mailx - security update)", "description": "Two security vulnerabilities were\ndiscovered in Heirloom mailx, an implementation of the mail command:\n\nCVE-2004-2771\nmailx interprets interprets shell meta-characters in certain email\naddresses.\n\nCVE-2014-7844\nAn unexpected feature of mailx treats syntactically valid email\naddresses as shell commands to execute.\n\nShell command execution can be re-enabled using the expandaddr\noption.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. 
Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\nmail -t or sendmail -i -t instead, passing the recipient addresses\nas part of the mail header.", "published": "2014-12-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703105", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-07-27T10:48:22"}, {"id": "OPENVAS:1361412562310703105", "type": "openvas", "title": "Debian Security Advisory DSA 3105-1 (heirloom-mailx - security update)", "description": "Two security vulnerabilities were\ndiscovered in Heirloom mailx, an implementation of the mail command:\n\nCVE-2004-2771\nmailx interprets shell meta-characters in certain email\naddresses.\n\nCVE-2014-7844\nAn unexpected feature of mailx treats syntactically valid email\naddresses as shell commands to execute.\n\nShell command execution can be re-enabled using the expandaddr\noption.\n\nNote that this security update does not remove all mailx facilities\nfor command execution, though. 
Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\nmail -t or sendmail -i -t instead, passing the recipient addresses\nas part of the mail header.", "published": "2014-12-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703105", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2018-04-06T11:10:30"}, {"id": "OPENVAS:1361412562310703104", "type": "openvas", "title": "Debian Security Advisory DSA 3104-1 (bsd-mailx - security update)", "description": "It was discovered that bsd-mailx,\nan implementation of the mail command, had an undocumented feature which treats\nsyntactically valid email addresses as shell commands to execute.\n\nUsers who need this feature can re-enable it using the expandaddr in an\nappropriate mailrc file. This update also removes the obsolete -T option. An\nolder security vulnerability, CVE-2004-2771, had already been addressed in the\nDebian", "published": "2014-12-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703104", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2018-04-06T11:11:34"}], "ubuntu": [{"id": "USN-2455-1", "type": "ubuntu", "title": "bsd-mailx vulnerability", "description": "It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands.\n\nThis functionality has now been disabled by default, and can be re-enabled with the \u201cexpandaddr\u201d configuration option. 
This update alone does not remove all possibilities of command execution. In environments where scripts use mailx to process arbitrary email addresses, it is recommended to modify them to use a \u201c--\u201d separator before the address to properly handle those that begin with \u201c-\u201d. In addition, specifying sendmail options after the \u201c--\u201d separator is no longer supported, existing scripts may need to be modified to use the \u201c-a\u201d option instead.", "published": "2015-01-07T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://usn.ubuntu.com/2455-1/", "cvelist": ["CVE-2014-7844"], "lastseen": "2018-03-29T18:20:41"}], "slackware": [{"id": "SSA-2016-062-01", "type": "slackware", "title": "mailx", "description": "New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/mailx-12.5-i486-2_slack14.1.txz: Rebuilt.\n Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues\n that could allow a local attacker to cause mailx to execute arbitrary\n shell commands through the use of a specially-crafted email address.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mailx-12.5-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mailx-12.5-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mailx-12.5-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mailx-12.5-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mailx-12.5-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mailx-12.5-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mailx-12.5-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mailx-12.5-x86_64-2_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mailx-12.5-i486-2_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mailx-12.5-x86_64-2_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mailx-12.5-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/mailx-12.5-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n38ee95ec8ed3dfdaf2f736e3e0e3fc39 mailx-12.5-i486-1_slack13.0.txz\n\nSlackware x86_64 
13.0 package:\n1df63fd2f328a10beca73a155b79ff3c mailx-12.5-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n7ed6abe0adf99fe6cc2a820ca7b4086d mailx-12.5-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n991ac2b0121330bdb3ecd1f32f62d53c mailx-12.5-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5f8ddb457a40ebbb5ea83b086c2ca964 mailx-12.5-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n9898bb8aa35e1c7ea21898aafe2de0e6 mailx-12.5-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n8a52d8cf54387eb6de3a00a90334694b mailx-12.5-i486-2_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nabe166a6d5e80195f6a07213ad0f89c9 mailx-12.5-x86_64-2_slack14.0.txz\n\nSlackware 14.1 package:\n39496e377649bc8c5ed75c15dc9d2505 mailx-12.5-i486-2_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ncded8a78db70f0e5208475c988b4facb mailx-12.5-x86_64-2_slack14.1.txz\n\nSlackware -current package:\n2c416a0e6e988dac27b99bb5eda67224 n/mailx-12.5-i586-2.txz\n\nSlackware x86_64 -current package:\n237538b03e07025f97eb21708fda82bc n/mailx-12.5-x86_64-2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mailx-12.5-i486-2_slack14.1.txz", "published": "2016-03-02T22:56:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.510514", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2018-02-02T18:11:33"}], "redhat": [{"id": "RHSA-2014:1999", "type": "redhat", "title": "(RHSA-2014:1999) Moderate: mailx security update", "description": "The mailx packages contain a mail user agent that is used to manage mail\nusing scripts.\n\nA flaw was found in the way mailx handled the parsing of email addresses.\nA syntactically valid email address could allow a local attacker to cause\nmailx to execute arbitrary shell commands through shell meta-characters and\nthe direct command execution functionality. 
(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained from\nuntrusted sources will still remain vulnerable to other attacks if they\naccept email addresses which start with \"-\" (so that they can be confused\nwith mailx options). To counteract this issue, this update also introduces\nthe \"--\" option, which will treat the remaining command line arguments as\nemail addresses.\n\nAll mailx users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "published": "2014-12-16T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1999", "cvelist": ["CVE-2004-2771", "CVE-2014-7844"], "lastseen": "2018-04-15T12:23:37"}], "amazon": [{"id": "ALAS-2015-467", "type": "amazon", "title": "Medium: mailx", "description": "**Issue Overview:**\n\nA flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. ([CVE-2004-2771 __](<https://access.redhat.com/security/cve/CVE-2004-2771>), [CVE-2014-7844 __](<https://access.redhat.com/security/cve/CVE-2014-7844>))\n\nNote: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with \"-\" (so that they can be confused with mailx options). To counteract this issue, this update also introduces the \"--\" option, which will treat the remaining command line arguments as email addresses.\n\n \n**Affected Packages:** \n\n\nmailx\n\n \n**Issue Correction:** \nRun _yum update mailx_ to update your system. 
\n\n \n**New Packages:**\n \n \n i686: \n mailx-12.4-8.8.amzn1.i686 \n mailx-debuginfo-12.4-8.8.amzn1.i686 \n \n src: \n mailx-12.4-8.8.amzn1.src \n \n x86_64: \n mailx-debuginfo-12.4-8.8.amzn1.x86_64 \n mailx-12.4-8.8.amzn1.x86_64 \n \n \n", "published": "2015-01-08T11:37:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-467.html", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2016-09-28T21:04:02"}], "gentoo": [{"id": "GLSA-201804-06", "type": "gentoo", "title": "mailx: Multiple vulnerabilities", "description": "### Background\n\nA utility program for sending and receiving mail, also known as a Mail User Agent program. \n\n### Description\n\nMultiple vulnerabilities have been discovered in mailx. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could execute arbitrary commands.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll mailx users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/mailx-8.1.2.20160123\"", "published": "2018-04-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201804-06", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2018-04-09T03:17:51"}], "centos": [{"id": "CESA-2014:1999", "type": "centos", "title": "mailx security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:1999\n\n\nThe mailx packages contain a mail user agent that is used to manage mail\nusing scripts.\n\nA flaw was found in the way mailx handled the parsing of email addresses.\nA syntactically valid email address could allow a local attacker to cause\nmailx to execute arbitrary shell commands through shell meta-characters and\nthe direct command execution functionality. 
(CVE-2004-2771, CVE-2014-7844)\n\nNote: Applications using mailx to send email to addresses obtained from\nuntrusted sources will still remain vulnerable to other attacks if they\naccept email addresses which start with \"-\" (so that they can be confused\nwith mailx options). To counteract this issue, this update also introduces\nthe \"--\" option, which will treat the remaining command line arguments as\nemail addresses.\n\nAll mailx users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020836.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020837.html\n\n**Affected packages:**\nmailx\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1999.html", "published": "2014-12-16T20:39:59", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-December/020836.html", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2017-10-03T18:25:31"}], "oraclelinux": [{"id": "ELSA-2014-1999", "type": "oraclelinux", "title": "mailx security update", "description": "[12.4-8]\n- CVE-2004-2771 mailx: command execution flaw\n resolves: #1171175", "published": "2014-12-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1999.html", "cvelist": ["CVE-2014-7844", "CVE-2004-2771"], "lastseen": "2016-09-04T11:16:21"}]}}