Project

General

Profile

Actions

Bug #5482

closed

CVE-2014-7844, CVE-2004-2771 - more mailx(1) woes

Added by Robert Mustacchi almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Urgent
Category:
cmd - userland programs
Start date:
2014-12-23
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

mailx(1) is vulnerable to several CVEs. We've adapted the various defenses pointed out here: http://seclists.org/oss-sec/2014/q4/1066.

Actions #1

Updated by Electric Monk almost 7 years ago

  • Status changed from Pending RTI to Closed

git commit 5422785d352a2bb398daceab3d1898a8aa64d006

commit  5422785d352a2bb398daceab3d1898a8aa64d006
Author: Robert Mustacchi <rm@joyent.com>
Date:   2014-12-23T22:52:59.000Z

    5481 CVE-2012-1750 mailx(1) tilde expansion vulnerability
    5482 CVE-2014-7844, CVE-2004-2771 - more mailx(1) woes
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Richard Lowe <richlowe@richlowe.net>
    Approved by: Dan McDonald <danmcd@omniti.com>

Actions

Also available in: Atom PDF