Veracode Vulnerability DatabaseVERACODE:15961OS Command Injection
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
mailx is vulnerable to OS command injection. A syntactically valid email address could allow a local attacker to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mailx | eq | 12.4__7.el6 | |
| mailx | eq | 12.4__6.el6 | |
| mailx | eq | 12.4__7.el6 | |
| mailx | eq | 12.4__6.el6 |
References
linux.oracle.com/errata/ELSA-2014-1999.html
rhn.redhat.com/errata/RHSA-2014-1999.html
seclists.org/oss-sec/2014/q4/1066
www.debian.org/security/2014/dsa-3104
www.debian.org/security/2014/dsa-3105
access.redhat.com/errata/RHSA-2014:1999
access.redhat.com/security/cve/CVE-2014-7844
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1162783
rhn.redhat.com/errata/RHSA-2014-1999.html
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C