Oval Definition: oval:com.redhat.rhsa:def:20141999
Revision Date: 2014-12-16
Version: 636
Title: RHSA-2014:1999: mailx security update (Moderate)
Description: The mailx packages contain a mail user agent that is used to manage mail using scripts.

  • A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)

    Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-" (so that they can be confused with mailx options). To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses.

    All mailx users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2004-2771, CVE-2014-7844, RHSA-2014:1999, RHSA-2014:1999-00, RHSA-2014:1999-02
    Platform(s): Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND mailx is earlier than 0:12.5-12.el7_0
  • AND mailx is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND mailx is earlier than 0:12.4-8.el6_6
  • AND mailx is signed with Red Hat redhatrelease2 key
  • Definition Synopsis
  • Release Information
  • mailx is earlier than 0:12.5-12.el7_0
  • AND mailx is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • OR Package Information
  • mailx is earlier than 0:12.4-8.el6_6
  • AND mailx is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed