CVE-2004-2771

Oracle Linux < 8.1.2 - Improper Input Validation

Title source: rule
STIX 2.1

Description

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

References (8)

Core 8
Core References
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1999.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3105
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61693
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q4/1066
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60940
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61585
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1999.html

Scores

EPSS 0.0686
EPSS Percentile 93.3%

Details

CWE
CWE-20
Status published
Products (6)
bsd_mailx_project/bsd_mailx < 8.1.2
heirloom/mailx < 12.5
oracle/linux 6
oracle/linux 7
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
Published Dec 24, 2014
Tracked Since Feb 18, 2026