Vulnerabilites related to heirloom - mailx
Vulnerability from fkie_nvd
Published
2014-12-24 18:59
Modified
2024-11-20 23:54
Severity ?
Summary
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | linux | 6 | |
| oracle | linux | 7 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| bsd_mailx_project | bsd_mailx | * | |
| heirloom | mailx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bsd_mailx_project:bsd_mailx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05584BFD-1732-4D2C-82A2-7DA30DC93FEA",
"versionEndIncluding": "8.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:heirloom:mailx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08806745-B648-4E1D-93B3-715FF017D06C",
"versionEndIncluding": "12.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address."
},
{
"lang": "es",
"value": "La funci\u00f3n extendida en fio.c en Heirloom mailx 12.5 y anteriores y BSD mailx 8.1.2 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s metacaracteres de shell en una direcci\u00f3n de correo electr\u00f3nico."
}
],
"id": "CVE-2004-2771",
"lastModified": "2024-11-20T23:54:10.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-24T18:59:00.103",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2014/q4/1066"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/60940"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/61585"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/61693"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-3105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q4/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2004-2771
Vulnerability from cvelistv5
Published
2014-12-24 18:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
References
| ▼ | URL | Tags |
|---|---|---|
| http://linux.oracle.com/errata/ELSA-2014-1999.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-3105 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/61693 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748 | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2014/q4/1066 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/60940 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/61585 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2014-1999.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
},
{
"name": "DSA-3105",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3105"
},
{
"name": "61693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61693"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
},
{
"name": "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/1066"
},
{
"name": "60940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60940"
},
{
"name": "61585",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61585"
},
{
"name": "RHSA-2014:1999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-24T17:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
},
{
"name": "DSA-3105",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3105"
},
{
"name": "61693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61693"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
},
{
"name": "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/1066"
},
{
"name": "60940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60940"
},
{
"name": "61585",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61585"
},
{
"name": "RHSA-2014:1999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2004-2771",
"datePublished": "2014-12-24T18:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}