PT-2002-2230 · Heirloom+1 · Mailx+2

Published: 2002-11-12 · Updated: 2016-10-18 · CVE-2002-1271

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: perl-MailTools package versions 1.47 and earlier
Description: The issue concerns the Mail::Mailer Perl module, which uses mailx as the default mailer. This setup allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.
Recommendations: For perl-MailTools package versions 1.47 and earlier, consider updating to a version that does not use mailx as the default mailer or changing the default mailer to one that does not process commands from the mail body. As a temporary workaround, consider restricting the use of the mailx mailer until a patch is available.

Fix

Related identifiers

CVE-2002-1271
DSA-386

Affected products

Mail::Mailer
Mailx
Perl-Mailtools