CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2004-2771 – mailx: command execution flaw
https://notcve.org/view.php?id=CVE-2004-2771
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. La función extendida en fio.c en Heirloom mailx 12.5 y anteriores y BSD mailx 8.1.2 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través metacaracteres de shell en una dirección de correo electrónico. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844). • http://linux.oracle.com/errata/ELSA-2014-1999.html http://rhn.redhat.com/errata/RHSA-2014-1999.html http://seclists.org/oss-sec/2014/q4/1066 http://secunia.com/advisories/60940 http://secunia.com/advisories/61585 http://secunia.com/advisories/61693 http://www.debian.org/security/2014/dsa-3105 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748 https://access.redhat.com/security/cve/CVE-2004-2771 https://bugzilla.redhat.com/show_bug.cgi?id=1162783 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 2CVE-2000-0545 – BSD 'mailx' 8.1.1-10 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0545
Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter. • https://www.exploit-db.com/exploits/19991 https://www.exploit-db.com/exploits/19992 http://archives.neohapsis.com/archives/bugtraq/2000-05/0435.html http://www.debian.org/security/2000/20000605 http://www.securityfocus.com/bid/1305 •