PT-2014-2062 · Bsd+4 · Bsd Mailx+4

Seungbeom Kim

Publicado

2014-12-16

Atualizado

2024-06-15

CVE-2004-2771

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Heirloom mailx versions 12.5 and earlier BSD mailx versions 8.1.2 and earlier

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in an email address, specifically through the expand function in fio.c.

Recommendations For Heirloom mailx versions 12.5 and earlier, update to a version later than 12.5 to resolve the issue. For BSD mailx versions 8.1.2 and earlier, update to a version later than 8.1.2 to resolve the issue. As a temporary workaround, consider restricting the use of email addresses that may contain shell metacharacters until a patch is available.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

AZL-36961

AZL-6676

AZL-7286

CESA-2014_1999

CVE-2004-2771

DLA-114-1

DSA-3105-1

MGASA-2014-0538

OPENSUSE-SU-2024:10561-1

RHSA-2014:1999

RHSA-2014_1999

SUSE-RU-2015:0876-1

SUSE-SU-2014_1658-1

SUSE-SU-2014_1696-1

Produtos afetados

Bsd Mailx

Centos

Heirloom Mailx

Red Hat

Suse

PT-2014-2062 · Bsd+4 · Bsd Mailx+4

CVE-2004-2771

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26