CVE Details

Release Date:2014-12-16


A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844).

See more information about CVE-2004-2771 from MITRE CVE dictionary and NIST NVD

CVSS v2.0 metrics

NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 3.6 Base Metrics: AV:L/AC:L/Au:N/C:P/I:P/A:N
Access Vector: Local network Attack Complexity: Low
Authentication: None required Confidentiality Impact: Partial
Integrity Impact: Partial Availability Impact: None

Errata information

PlatformErrataRelease Date
Oracle Linux version 6 (mailx)ELSA-2014-19992014-12-16
Oracle Linux version 7 (mailx)ELSA-2014-19992014-12-16
Oracle VM version 3.3 (mailx)OVMSA-2014-00862014-12-24
Oracle VM version 3.4 (mailx)OVMSA-2014-00862014-12-24

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team