Friday, December 26, 2014

'mailx' security fix for various Linux flavors

'mailx', a utility for sending and receiving mail that is widely used in several Linux distributions, has been patched for two security flaws. Both vulnerabilities stem from improper parsing of email addresses and are rated "moderate". CVE-2014-7844 covers the local execution of arbitrary shell commands, whereas CVE-2004-2771 covers the execution of arbitrary commands by leveraging the fact that mailx interprets shell meta-characters in certain email addresses. The BSD mailx and Heirloom mailx implementations are vulnerable to these issues, which affect Red Hat Enterprise Linux, CentOS, Debian, Ubuntu, and possibly other distributions. Users are advised to apply the updates as soon as possible. CVE-2004-2771 is an almost decade-old vulnerability.
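Because mailx interprets shell meta-characters in certain addresses, a script that passes recipient addresses from untrusted input to mailx can check them against an allowlist first, in addition to installing the updates. The following is an added example, not code from the original post or from mailx; the helper names `is_safe_rcpt` and `send_report`, the `MAILER` variable and the allowlist itself are assumptions.

```shell
#!/bin/sh
# Added example: allowlist check for recipient addresses handed to mailx.
# is_safe_rcpt, send_report and MAILER are hypothetical names, and the
# allowlist is an assumption; it is deliberately stricter than RFC 5322.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Return 0 only for a plain local@domain.tld address built from allowlisted bytes.
is_safe_rcpt() {
    addr=$1
    [ -n "$addr" ] || return 1              # empty input
    [ "${#addr}" -le 254 ] || return 1      # implausibly long address
    case $addr in
        -*) return 1 ;;                     # would be read as a command-line option
        *[!A-Za-z0-9@._+-]*) return 1 ;;    # meta-characters, whitespace, quotes, slashes
        *@*@*) return 1 ;;                  # more than one '@'
        ?*@?*.?*) return 0 ;;               # local part, '@', dotted domain
    esac
    return 1                                # anything else, e.g. no '@' at all
}

# Validate first, then pass the address to the mailer as one quoted argument.
# The message body is read from stdin, as with mailx itself.
send_report() {
    subject=$1
    rcpt=$2
    if ! is_safe_rcpt "$rcpt"; then
        printf 'send_report: recipient rejected by allowlist\n' >&2
        return 2
    fi
    "${MAILER:-mailx}" -s "$subject" "$rcpt"
}
```

Rejected addresses are not echoed back to the log, so hostile input is not replayed into terminals or log viewers.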
