BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
References
Link | Resource |
---|---|
http://linux.oracle.com/errata/ELSA-2014-1999.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2014-1999.html | Third Party Advisory |
http://seclists.org/oss-sec/2014/q4/1066 | Mailing List Patch Third Party Advisory |
http://www.debian.org/security/2014/dsa-3104 | Third Party Advisory |
http://www.debian.org/security/2014/dsa-3105 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2020-01-14 17:15
Updated : 2024-02-28 17:28
NVD link : CVE-2014-7844
Mitre link : CVE-2014-7844
CVE.ORG link : CVE-2014-7844
JSON object : View
Products Affected
debian
- debian_linux
redhat
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_server_tus
- enterprise_linux_server_eus
- enterprise_linux_workstation
bsd_mailx_project
- bsd_mailx
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')