Test ID: | 1.3.6.1.4.1.25623.1.0.703105 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 3105-1 (heirloom-mailx - security update) |
Summary: | Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the mail command. CVE-2004-2771: mailx interprets shell meta-characters in certain email addresses. CVE-2014-7844: An unexpected feature of mailx treats syntactically valid email addresses as shell commands to execute. Shell command execution can be re-enabled using the expandaddr option. Note that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the -- separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke mail -t or sendmail -i -t instead, passing the recipient addresses as part of the mail header. |
Description: | Affected Software/OS: heirloom-mailx on Debian Linux. Solution: For the stable distribution (wheezy), these problems have been fixed in version 12.5-2+deb7u1. We recommend that you upgrade your heirloom-mailx packages. CVSS Score: 7.5. CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-2771
Debian Security Information: DSA-3105
http://www.debian.org/security/2014/dsa-3105
http://seclists.org/oss-sec/2014/q4/1066
RedHat Security Advisories: RHSA-2014:1999
http://rhn.redhat.com/errata/RHSA-2014-1999.html
http://secunia.com/advisories/60940
http://secunia.com/advisories/61585
http://secunia.com/advisories/61693
Common Vulnerability Exposure (CVE) ID: CVE-2014-7844
http://linux.oracle.com/errata/ELSA-2014-1999.html
http://www.debian.org/security/2014/dsa-3104 |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |