Vulnerability Details CVE-2004-2771
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://linux.oracle.com/errata/ELSA-2014-1999.html
- http://rhn.redhat.com/errata/RHSA-2014-1999.html
- http://seclists.org/oss-sec/2014/q4/1066
- http://secunia.com/advisories/60940
- http://secunia.com/advisories/61585
- http://secunia.com/advisories/61693
- http://www.debian.org/security/2014/dsa-3105
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748
- http://linux.oracle.com/errata/ELSA-2014-1999.html
- http://rhn.redhat.com/errata/RHSA-2014-1999.html
- http://seclists.org/oss-sec/2014/q4/1066
- http://secunia.com/advisories/60940
- http://secunia.com/advisories/61585
- http://secunia.com/advisories/61693
- http://www.debian.org/security/2014/dsa-3105
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748
Products affected by CVE-2004-2771
-
cpe:2.3:a:bsd_mailx_project:bsd_mailx:8.1.2
-
cpe:2.3:a:heirloom:mailx:12.0
-
cpe:2.3:a:heirloom:mailx:12.1
-
cpe:2.3:a:heirloom:mailx:12.2
-
cpe:2.3:a:heirloom:mailx:12.3
-
cpe:2.3:a:heirloom:mailx:12.4
-
cpe:2.3:a:heirloom:mailx:12.5
-
cpe:2.3:o:oracle:linux:6
-
cpe:2.3:o:oracle:linux:7
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0