Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2015-467)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120453

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2015-467)

Resumen: The remote host is missing an update for the 'mailx' package(s) announced via the ALAS-2015-467 advisory.

Descripción: Summary:
The remote host is missing an update for the 'mailx' package(s) announced via the ALAS-2015-467 advisory.

Vulnerability Insight:
A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)

Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with '-' (so that they can be confused with mailx options). To counteract this issue, this update also introduces the '--' option, which will treat the remaining command line arguments as email addresses.

Affected Software/OS:
'mailx' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-2771
60940
http://secunia.com/advisories/60940
61585
http://secunia.com/advisories/61585
61693
http://secunia.com/advisories/61693
DSA-3105
http://www.debian.org/security/2014/dsa-3105
RHSA-2014:1999
http://rhn.redhat.com/errata/RHSA-2014-1999.html
[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)
http://seclists.org/oss-sec/2014/q4/1066
http://linux.oracle.com/errata/ELSA-2014-1999.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748
Common Vulnerability Exposure (CVE) ID: CVE-2014-7844
http://www.debian.org/security/2014/dsa-3104

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120453
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-467)
Resumen:	The remote host is missing an update for the 'mailx' package(s) announced via the ALAS-2015-467 advisory.
Descripción:	Summary: The remote host is missing an update for the 'mailx' package(s) announced via the ALAS-2015-467 advisory. Vulnerability Insight: A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844) Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with '-' (so that they can be confused with mailx options). To counteract this issue, this update also introduces the '--' option, which will treat the remaining command line arguments as email addresses. Affected Software/OS: 'mailx' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-2771 60940 http://secunia.com/advisories/60940 61585 http://secunia.com/advisories/61585 61693 http://secunia.com/advisories/61693 DSA-3105 http://www.debian.org/security/2014/dsa-3105 RHSA-2014:1999 http://rhn.redhat.com/errata/RHSA-2014-1999.html [oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844) http://seclists.org/oss-sec/2014/q4/1066 http://linux.oracle.com/errata/ELSA-2014-1999.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748 Common Vulnerability Exposure (CVE) ID: CVE-2014-7844 http://www.debian.org/security/2014/dsa-3104
Copyright	Copyright (C) 2015 Greenbone AG