CVE-2004-2771
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
| Software | From | Fixed in |
|---|---|---|
| oracle / linux | 6 | 6.x |
| oracle / linux | 7 | 7.x |
| redhat / enterprise_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux | 6.0 | 6.0.x |
| bsd_mailx_project / bsd_mailx | - | 8.1.2.x |
| heirloom / mailx | - | 12.5.x |
- http://linux.oracle.com/errata/ELSA-2014-1999.html
- http://rhn.redhat.com/errata/RHSA-2014-1999.html
- http://seclists.org/oss-sec/2014/q4/1066
- http://secunia.com/advisories/60940
- http://secunia.com/advisories/61585
- http://secunia.com/advisories/61693
- http://www.debian.org/security/2014/dsa-3105
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime