CVE-2004-2771 — heirloom-mailx - security update

Description

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

How to fix CVE-2004-2771

To remediate CVE-2004-2771, upgrade the affected package to a fixed version below.

Debian/bsd-mailx—upgrade to 8.1.2-0.20071201cvs-1 or later
Debian/heirloom-mailx—upgrade to 12.4-2+deb6u1 or later
Debian/heirloom-mailx—upgrade to 12.5-2+deb7u1 or later

Is CVE-2004-2771 being exploited?

Low — EPSS is 2.9%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 8.1.2-0.20071201cvs-1
from 0, < 12.4-2+deb6u1
from 0, < 12.5-2+deb7u1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2004-2771