Vulnerability Details CVE-2004-2771
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 83.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://linux.oracle.com/errata/ELSA-2014-1999.html
- http://rhn.redhat.com/errata/RHSA-2014-1999.html
- http://seclists.org/oss-sec/2014/q4/1066
- http://secunia.com/advisories/60940
- http://secunia.com/advisories/61585
- http://secunia.com/advisories/61693
- http://www.debian.org/security/2014/dsa-3105
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748
- http://linux.oracle.com/errata/ELSA-2014-1999.html
- http://rhn.redhat.com/errata/RHSA-2014-1999.html
- http://seclists.org/oss-sec/2014/q4/1066
- http://secunia.com/advisories/60940
- http://secunia.com/advisories/61585
- http://secunia.com/advisories/61693
- http://www.debian.org/security/2014/dsa-3105
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748
Products affected by CVE-2004-2771
-
cpe:2.3:a:bsd_mailx_project:bsd_mailx:8.1.2
-
cpe:2.3:a:heirloom:mailx:12.0
-
cpe:2.3:a:heirloom:mailx:12.1
-
cpe:2.3:a:heirloom:mailx:12.2
-
cpe:2.3:a:heirloom:mailx:12.3
-
cpe:2.3:a:heirloom:mailx:12.4
-
cpe:2.3:a:heirloom:mailx:12.5
-
cpe:2.3:o:oracle:linux:6
-
cpe:2.3:o:oracle:linux:7
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0