PT-2002-2230 · Heirloom+1 · Mailx+2

Published: 2002-11-12 · Updated: 2016-10-18 · CVE-2002-1271

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: perl-MailTools package versions 1.47 and earlier
Description: The issue concerns the Mail::Mailer Perl module, which uses mailx as the default mailer. This setup allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.
Recommendations: For perl-MailTools package versions 1.47 and earlier, consider updating to a version that does not use mailx as the default mailer or changing the default mailer to one that does not process commands from the mail body. As a temporary workaround, consider restricting the use of the mailx mailer until a patch is available.
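
One way to act on the recommendation above is to audit Perl code for Mail::Mailer constructor calls that rely on the default mailer or explicitly request the `mail` type. The Python script below is an added example, not part of the original advisory or of the MailTools project; the `scan` and `classify` helpers and the sample Perl lines are constructed for illustration, and it assumes that `mail` is the Mail::Mailer type backed by the mail/mailx binary.

```python
import re

# Assumption: 'mail' is the Mail::Mailer type that runs the mail/mailx binary.
MAILX_BACKED = {"mail"}

CALL = re.compile(
    r"""(?:Mail::Mailer\s*->\s*new|new\s+Mail::Mailer)\b  # either constructor form
        \s*\(?\s*                                         # optional opening paren
        (?P<arg>'[^']*'|"[^"]*"|[^\s,;)]*)                # first argument, if any
    """, re.VERBOSE)

def classify(arg):
    """Return a finding label for the first constructor argument, or None."""
    if not arg:
        return "default-mailer"      # mailx on perl-MailTools 1.47 and earlier
    if arg[0] in "'\"":
        return "mailx-backed" if arg[1:-1].lower() in MAILX_BACKED else None
    return "dynamic-type"            # variable or expression: review by hand

def scan(source):
    """Return (line number, finding) pairs for risky Mail::Mailer constructors."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("#", 1)[0]  # naive removal of Perl line comments
        for match in CALL.finditer(code):
            verdict = classify(match.group("arg"))
            if verdict:
                findings.append((lineno, verdict))
    return findings

# Constructed sample of Perl source, not taken from any real project.
SAMPLE = '''\
use Mail::Mailer;
my $a = Mail::Mailer->new;                 # relies on the default
my $b = Mail::Mailer->new('mail');         # explicit mail/mailx
my $c = Mail::Mailer->new('sendmail');     # explicit, not mailx
my $d = new Mail::Mailer 'smtp', Server => 'mail.example.org';
my $e = Mail::Mailer->new($type);          # decided at run time
# my $f = Mail::Mailer->new;               (commented out)
'''

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE):
        print(f"line {lineno}: {verdict}")
```

A `dynamic-type` finding only means the mailer is chosen at run time; trace where the value comes from before treating the call as safe.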


Related Identifiers

CVE-2002-1271
DSA-386

Affected Products

Mail::Mailer
Mailx
Perl-Mailtools