7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
mailx is vulnerable to arbitrary command execution. A remote attacker is able to execute arbitrary commands through the expand
function in fio.c
using shell metacharacters in a malicious email address.
CPE | Name | Operator | Version |
---|---|---|---|
mailx | eq | 12.4__7.el6 | |
mailx | eq | 12.4__6.el6 | |
mailx | eq | 12.4__7.el6 | |
mailx | eq | 12.4__6.el6 |
linux.oracle.com/errata/ELSA-2014-1999.html
rhn.redhat.com/errata/RHSA-2014-1999.html
seclists.org/oss-sec/2014/q4/1066
secunia.com/advisories/60940
secunia.com/advisories/61585
secunia.com/advisories/61693
www.debian.org/security/2014/dsa-3105
access.redhat.com/errata/RHSA-2014:1999
access.redhat.com/security/cve/CVE-2004-2771
access.redhat.com/security/updates/classification/#moderate
bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748
bugzilla.redhat.com/show_bug.cgi?id=1162783
rhn.redhat.com/errata/RHSA-2014-1999.html