Candidate: CVE-2004-2771 PublicDate: 2014-12-24 18:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771 Description: The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. Ubuntu-Description: Notes: Bugs: https://bugs.launchpad.net/ubuntu/+source/heirloom-mailx/+bug/1447066 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773417 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748 Priority: medium Discovered-by: Assigned-to: CVSS: Patches_heirloom-mailx: upstream_heirloom-mailx: needs-triage lucid_heirloom-mailx: ignored (reached end-of-life) precise_heirloom-mailx: ignored (reached end-of-life) precise/esm_heirloom-mailx: DNE (precise was needed) trusty_heirloom-mailx: released (12.5-2+deb7u1build0.14.04.1) trusty/esm_heirloom-mailx: DNE (trusty was released [12.5-2+deb7u1build0.14.04.1]) utopic_heirloom-mailx: released (12.5-2+deb7u1build0.14.10.1) vivid_heirloom-mailx: not-affected (12.5-3.1) vivid/stable-phone-overlay_heirloom-mailx: DNE vivid/ubuntu-core_heirloom-mailx: DNE wily_heirloom-mailx: not-affected (12.5-3.1) xenial_heirloom-mailx: DNE yakkety_heirloom-mailx: DNE zesty_heirloom-mailx: DNE devel_heirloom-mailx: DNE Patches_bsd-mailx: upstream_bsd-mailx: needs-triage lucid_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) precise_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) precise/esm_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) trusty_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) trusty/esm_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) utopic_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) vivid_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) vivid/stable-phone-overlay_bsd-mailx: DNE vivid/ubuntu-core_bsd-mailx: DNE wily_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) xenial_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) esm-infra/xenial_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) yakkety_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) zesty_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2) devel_bsd-mailx: not-affected (8.1.2-0.20040524cvs-2)