42 matches found
Linux Distros Unpatched Vulnerability : CVE-2004-2771
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell...
CBL Mariner 2.0 Security Update: mailx (CVE-2004-2771)
The version of mailx installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2004-2771 advisory. - The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote...
CVE-2004-2771 affecting package mailx for versions less than 12.5-36
CVE-2004-2771 affecting package mailx for versions less than 12.5-36. A patched version of the package is available...
Debian: Security Advisory (DLA-113-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2004-2771 affecting package mailx for versions less than 12.5-34
CVE-2004-2771 affecting package mailx for versions less than 12.5-34. A patched version of the package is available...
CVE-2004-2771 affecting package mailx for versions less than 12.5-34
CVE-2004-2771 affecting package mailx for versions less than 12.5-34. A patched version of the package is available...
SUSE: Security Advisory (SUSE-SU-2014:1696-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
F5 Networks BIG-IP : Mailx vulnerabilities (K16945)
CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled the parsing of email addresses...
Oracle: Security Advisory (ELSA-2014-1999)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2015-467)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-113-1 : bsd-mailx security update
It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...
Debian DLA-114-1 : heirloom-mailx security update
Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the 'mail' command : CVE-2004-2771 mailx interprets interprets shell meta-characters in certain email addresses. CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as shell...
Mandriva Linux Security Advisory : nail (MDVSA-2015:011)
Updated nail package fixes security vulnerabilities : A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command...
Medium: mailx
Issue Overview: A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. CVE-2004-2771...
Fedora Update for mailx FEDORA-2014-17277
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 19 : mailx-12.5-9.fc19 (2014-17277)
Security fix for CVE-2004-2771, CVE-2014-7844 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 20 : mailx-12.5-11.fc20 (2014-17245)
Security fix for CVE-2004-2771, CVE-2014-7844 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 21 : mailx-12.5-14.fc21 (2014-17243)
Security fix for CVE-2004-2771, CVE-2014-7844 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
OracleVM 3.3 : mailx (OVMSA-2014-0086)
The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2004-2771 mailx: command execution flaw resolves: 1171175 - resolves: 857120 fixed incorrect return code when TMPDIR points to invalid path - resolves: 845098 added support for alternatives...
openSUSE Security Update : mailx (openSUSE-SU-2014:1713-1)
This mailx update fixes the following security issue : bsc909208: shell command injection via crafted email addresses CVE-2004-2771, CVE-2014-7844 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...