CVE-2004-2771

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/61585
http://secunia.com/advisories/60940
http://secunia.com/advisories/61693
http://www.debian.org/security/2014/dsa-3105
http://seclists.org/oss-sec/2014/q4/1066
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748	Exploit
http://rhn.redhat.com/errata/RHSA-2014-1999.html
http://linux.oracle.com/errata/ELSA-2014-1999.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:oracle:linux:7:::::::*
	cpe:2.3:o:oracle:linux:6:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

Configuration 3 (hide)

cpe:2.3:a:bsd_mailx_project:bsd_mailx:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:heirloom:mailx:*:*:*:*:*:*:*:*

Information

Published : 2014-12-24 18:59

Updated : 2019-12-27 16:08

NVD link : CVE-2004-2771

Mitre link : CVE-2004-2771

JSON object : View

Products Affected

oracle

linux

bsd_mailx_project

bsd_mailx

redhat

enterprise_linux

heirloom

mailx

CWE

CWE-20

Improper Input Validation

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/61585", "name": "61585", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/60940", "name": "60940", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/61693", "name": "61693", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2014/dsa-3105", "name": "DSA-3105", "tags": [], "refsource": "DEBIAN"}, {"url": "http://seclists.org/oss-sec/2014/q4/1066", "name": "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)", "tags": [], "refsource": "MLIST"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748", "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html", "name": "RHSA-2014:1999", "tags": [], "refsource": "REDHAT"}, {"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html", "name": "http://linux.oracle.com/errata/ELSA-2014-1999.html", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2771", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-12-24T18:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bsd_mailx_project:bsd_mailx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.1.2"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:heirloom:mailx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "12.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-12-27T16:08Z"}