Project

General

Profile

Actions

Bug #5481

closed

CVE-2012-1750 mailx(1) tilde expansion vulnerability

Added by Robert Mustacchi over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Urgent
Category:
cmd - userland programs
Start date:
2014-12-23
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

mailx's default configuration allows for escape commands to be executed in non-interactive mode. The issues is that the mailx rc file always appends this. For more information see http://mcarpenter.org/blog/2012/07/18/solaris-mailx%281%29-tilde-expansion-vulnerability.

Actions

Also available in: Atom PDF