7.5

CVE-2004-2771

Exploit
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleLinux Version6
OracleLinux Version7
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
Bsd Mailx ProjectBsd Mailx Version <= 8.1.2
HeirloomMailx Version <= 12.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.86% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://linux.oracle.com/errata/ELSA-2014-1999.html
http://rhn.redhat.com/errata/RHSA-2014-1999.html
http://seclists.org/oss-sec/2014/q4/1066
http://secunia.com/advisories/60940
http://secunia.com/advisories/61585
http://secunia.com/advisories/61693
http://www.debian.org/security/2014/dsa-3105
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748
Exploit