CVE-2002-1271

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.

Published: Nov 12, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1271
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
perl-mailtools / perl-mailtools	1.44	1.44.x
perl-mailtools / perl-mailtools	1.15	1.15.x
perl-mailtools / perl-mailtools	1.13	1.13.x
perl-mailtools / perl-mailtools	1.40	1.40.x
perl-mailtools / perl-mailtools	1.1401	1.1401.x
perl-mailtools / perl-mailtools	1.42	1.42.x
perl-mailtools / perl-mailtools	1.47	1.47.x

http://marc.info/?l=bugtraq&m=103659723101369&w=2
http://marc.info/?l=bugtraq&m=103679569705086&w=2
http://www.debian.org/security/2003/dsa-386
http://www.iss.net/security_center/static/10548.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html
http://www.securityfocus.com/bid/6104

Vulnerability Database

CVE-2002-1271