MidnightBSD

Advisories for bsd_mailx_project

CVE-2004-2771 HIGH

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
heirloom mailx *
oracle linux 7
redhat enterprise_linux 6.0
oracle linux 6
redhat enterprise_linux 7.0
bsd_mailx_project bsd_mailx *
CVE-2014-7844 HIGH

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_eus 6.6
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.6
bsd_mailx_project bsd_mailx 8.1.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.7