PT-2014-2062 · Bsd+4 · Bsd Mailx+4

Seungbeom Kim

Published

2014-12-16

Updated

2024-06-15

CVE-2004-2771

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Heirloom mailx versions 12.5 and earlier BSD mailx versions 8.1.2 and earlier

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in an email address, specifically through the expand function in fio.c.

Recommendations For Heirloom mailx versions 12.5 and earlier, update to a version later than 12.5 to resolve the issue. For BSD mailx versions 8.1.2 and earlier, update to a version later than 8.1.2 to resolve the issue. As a temporary workaround, consider restricting the use of email addresses that may contain shell metacharacters until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

AZL-36961

AZL-6676

AZL-7286

CESA-2014_1999

CVE-2004-2771

DLA-114-1

DSA-3105-1

MGASA-2014-0538

OPENSUSE-SU-2024:10561-1

RHSA-2014:1999

RHSA-2014_1999

SUSE-RU-2015:0876-1

SUSE-SU-2014_1658-1

SUSE-SU-2014_1696-1

Affected Products

Bsd Mailx

Centos

Heirloom Mailx

Red Hat

Suse

PT-2014-2062 · Bsd+4 · Bsd Mailx+4

CVE-2004-2771

Weakness Enumeration

Related Identifiers

Affected Products

References · 26