Vulnerability Description
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Linux | 6 |
| Redhat | Enterprise Linux | 6.0 |
| Bsd Mailx Project | Bsd Mailx | <= 8.1.2 |
| Heirloom | Mailx | <= 12.5 |
Related Weaknesses (CWE)
References
- http://linux.oracle.com/errata/ELSA-2014-1999.html
- http://rhn.redhat.com/errata/RHSA-2014-1999.html
- http://seclists.org/oss-sec/2014/q4/1066
- http://secunia.com/advisories/60940
- http://secunia.com/advisories/61585
- http://secunia.com/advisories/61693
- http://www.debian.org/security/2014/dsa-3105
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748Exploit
- http://linux.oracle.com/errata/ELSA-2014-1999.html
- http://rhn.redhat.com/errata/RHSA-2014-1999.html
- http://seclists.org/oss-sec/2014/q4/1066
- http://secunia.com/advisories/60940
- http://secunia.com/advisories/61585
- http://secunia.com/advisories/61693
- http://www.debian.org/security/2014/dsa-3105
FAQ
What is CVE-2004-2771?
CVE-2004-2771 is a vulnerability with a CVSS score of 7.5 (HIGH). The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
How severe is CVE-2004-2771?
CVE-2004-2771 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2771?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Linux, Redhat Enterprise Linux, Bsd Mailx Project Bsd Mailx, Heirloom Mailx.