Project

General

Profile

Bug #5481

CVE-2012-1750 mailx(1) tilde expansion vulnerability

Added by Robert Mustacchi over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Urgent
Category:
cmd - userland programs
Start date:
2014-12-23
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

mailx's default configuration allows for escape commands to be executed in non-interactive mode. The issues is that the mailx rc file always appends this. For more information see http://mcarpenter.org/blog/2012/07/18/solaris-mailx%281%29-tilde-expansion-vulnerability.

#1

Updated by Electric Monk over 6 years ago

  • Status changed from Pending RTI to Closed

git commit 5422785d352a2bb398daceab3d1898a8aa64d006

commit  5422785d352a2bb398daceab3d1898a8aa64d006
Author: Robert Mustacchi <rm@joyent.com>
Date:   2014-12-23T22:52:59.000Z

    5481 CVE-2012-1750 mailx(1) tilde expansion vulnerability
    5482 CVE-2014-7844, CVE-2004-2771 - more mailx(1) woes
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Richard Lowe <richlowe@richlowe.net>
    Approved by: Dan McDonald <danmcd@omniti.com>

Also available in: Atom PDF