all things security
Showing 1 - 7 of 7 RSS Feed

CVE-2014-7844

Status Candidate

Overview

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Related Files

Slackware Security Advisory - mailx Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2004-2771, CVE-2014-7844
MD5 | 78ab6826383cdd190a10f3b03093307c
Apple Security Advisory 2015-08-13-2
Posted Aug 13, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-08-13-2 - OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2009-5044, CVE-2009-5078, CVE-2012-6685, CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2013-7040, CVE-2013-7338, CVE-2013-7422, CVE-2014-0067, CVE-2014-0106, CVE-2014-0191, CVE-2014-1912, CVE-2014-3581, CVE-2014-3583, CVE-2014-3613, CVE-2014-3620, CVE-2014-3660, CVE-2014-3707, CVE-2014-7185, CVE-2014-7844, CVE-2014-8109, CVE-2014-8150, CVE-2014-8151, CVE-2014-8161, CVE-2014-8767, CVE-2014-8769
MD5 | 4a5d37a22b2a5dc65f8821a63540e1c6
Mandriva Linux Security Advisory 2015-011
Posted Jan 8, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-011 - A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality.

tags | advisory, arbitrary, shell, local
systems | linux, mandriva
advisories | CVE-2004-2771, CVE-2014-7844
MD5 | f9d0b8377ba43e4940023275708bdd69
Ubuntu Security Notice USN-2455-1
Posted Jan 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2455-1 - It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and can be re-enabled with the "expandaddr" configuration option. This update alone does not remove all possibilities of command execution. In environments where scripts use mailx to process arbitrary email addresses, it is recommended to modify them to use a "--" separator before the address to properly handle those that begin with "-". Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell
systems | linux, bsd, ubuntu
advisories | CVE-2014-7844
MD5 | a01c6cddbe1fbf6bfc8a2cbc8e906e31
Red Hat Security Advisory 2014-1999-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1999-01 - The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-". To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses.

tags | advisory, arbitrary, shell, local
systems | linux, redhat
advisories | CVE-2004-2771, CVE-2014-7844
MD5 | 543f206a3ea8d0ad612ed3f9f163a3f7
Debian Security Advisory 3105-1
Posted Dec 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3105-1 - Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the "mail" command.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2004-2771, CVE-2014-7844
MD5 | 511d13ad9646cf509bde569126185e74
Debian Security Advisory 3104-1
Posted Dec 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3104-1 - It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.

tags | advisory, shell
systems | linux, bsd, debian
advisories | CVE-2014-7844
MD5 | 9d911bcd97ae2855a676663bdbc79aeb
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close