CVE-2014-7844HIGH
Description
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
References
http://linux.oracle.com/errata/ELSA-2014-1999.html
http://rhn.redhat.com/errata/RHSA-2014-1999.html
http://seclists.org/oss-sec/2014/q4/1066
Details
Source: MITRE
Published: 2020-01-14
Updated: 2020-01-21
Type: CWE-74
Risk Information
CVSS v2.0
Base Score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.9
Severity: HIGH
CVSS v3.0
Base Score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Configuration 2
OR
Configuration 3
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 108927 | GLSA-201804-06 : mailx: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 99238 | F5 Networks BIG-IP : Mailx vulnerabilities (K16945) | Nessus | F5 Networks Local Security Checks | high |
| 89084 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : mailx (SSA:2016-062-01) | Nessus | Slackware Local Security Checks | high |
| 8981 | Mac OS X < 10.10.5 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | high |
| 85408 | Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 82098 | Debian DLA-114-1 : heirloom-mailx security update | Nessus | Debian Local Security Checks | high |
| 82097 | Debian DLA-113-1 : bsd-mailx security update | Nessus | Debian Local Security Checks | high |
| 80430 | Mandriva Linux Security Advisory : nail (MDVSA-2015:011) | Nessus | Mandriva Local Security Checks | high |
| 80418 | Amazon Linux AMI : mailx (ALAS-2015-467) | Nessus | Amazon Linux Local Security Checks | high |
| 80413 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : bsd-mailx vulnerability (USN-2455-1) | Nessus | Ubuntu Local Security Checks | high |
| 80345 | Fedora 19 : mailx-12.5-9.fc19 (2014-17277) | Nessus | Fedora Local Security Checks | high |
| 80344 | Fedora 20 : mailx-12.5-11.fc20 (2014-17245) | Nessus | Fedora Local Security Checks | high |
| 80343 | Fedora 21 : mailx-12.5-14.fc21 (2014-17243) | Nessus | Fedora Local Security Checks | high |
| 80274 | openSUSE Security Update : mailx (openSUSE-SU-2014:1713-1) | Nessus | SuSE Local Security Checks | high |
| 80251 | SuSE 11.3 Security Update : mailx (SAT Patch Number 10096) | Nessus | SuSE Local Security Checks | high |
| 80075 | Scientific Linux Security Update : mailx on SL6.x, SL7.x i386/x86_64 (20141216) | Nessus | Scientific Linux Local Security Checks | high |
| 80074 | RHEL 6 / 7 : mailx (RHSA-2014:1999) | Nessus | Red Hat Local Security Checks | high |
| 80071 | Oracle Linux 6 / 7 : mailx (ELSA-2014-1999) | Nessus | Oracle Linux Local Security Checks | high |
| 80058 | Debian DSA-3105-1 : heirloom-mailx - security update | Nessus | Debian Local Security Checks | high |
| 80057 | Debian DSA-3104-1 : bsd-mailx - security update | Nessus | Debian Local Security Checks | high |
| 80056 | CentOS 6 / 7 : mailx (CESA-2014:1999) | Nessus | CentOS Local Security Checks | high |