CVE-2004-2771 — Improper Input Validation in Mailx Project BSD Mailx

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection12 documents8 sources

Severity

7.5HIGHNVD

EPSS

2.9%

top 13.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BSD Mailx Project BSD Mailx Heirloom Mailx Oracle Linux +1 more

Timeline

PublishedDec 24

Latest updateJun 11

Description

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDheirloom/mailx12.5

▶NVDbsd_mailx_project/bsd_mailx8.1.2

▶NVDoracle/linux6, 7+1

Also affects: Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

GHSA

GHSA-3f68-9fxg-g2j6: The expand function in fio↗2022-04-29

▶

OSV

CVE-2004-2771: The expand function in fio↗2014-12-24

▶

CVEList

CVE-2004-2771: The expand function in fio↗2014-12-24

▶

📋Vendor Advisories

Microsoft

CVE-2004-2771: NIST NVD Details: https://nvd↗2024-06-11

▶

Red Hat

mailx: command execution flaw↗2014-12-16

▶

Red Hat

mailx: command execution flaw↗2014-12-16

▶

Debian

CVE-2004-2771: bsd-mailx - The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8....↗2004

▶

💬Community

Bugzilla

CVE-2004-2771 CVE-2014-7844 nail: mailx: command execution flaw [epel-5]↗2014-12-17

▶

Bugzilla

CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw [fedora-all]↗2014-12-16

▶

Bugzilla

CVE-2004-2771 CVE-2014-7844 bsd-mailx: mailx: command execution flaw [epel-6]↗2014-12-16

▶

Bugzilla

CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw↗2014-11-11

▶