Rapid7 Vulnerability & Exploit Database

CentOS: (CVE-2014-7844) CESA-2014:1999: mailx




Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From CESA-2014:1999:

The mailx packages contain a mail user agent that is used to manage mail using scripts.

A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)

Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-" (so that they can be confused with mailx options). To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses.

All mailx users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
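
A calling script can apply the note about addresses starting with "-" by checking each recipient and then passing "--" before the address list. The following is an added example, not code from the advisory or from the mailx project; it assumes the updated mailx package (so that "--" is accepted), and the allowlist pattern, the function names and the MAILX override variable are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): validate recipients, then call mailx
# with "--" so that nothing after it is parsed as an option.
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z ranges below ASCII-only

# is_safe_recipient ADDR -> exit status 0 if acceptable, 1 otherwise.
# Assumption: a conservative local@domain allowlist, stricter than RFC 5322.
is_safe_recipient() {
    case $1 in
        ''|-*)                return 1 ;;  # empty, or could be read as an option
        [!A-Za-z0-9]*)        return 1 ;;  # must start with a letter or digit
        *[!A-Za-z0-9@._+-]*)  return 1 ;;  # shell meta-characters, spaces, quotes
        *@*@*)                return 1 ;;  # more than one "@"
        ?*@?*.?*)             return 0 ;;  # local@domain.tld
        *)                    return 1 ;;
    esac
}

# send_mail SUBJECT ADDR...  (message body is read from stdin)
# MAILX is a hypothetical override for the mailx binary, used for dry runs.
send_mail() {
    if [ "$#" -lt 2 ]; then
        echo "usage: send_mail SUBJECT ADDR..." >&2
        return 2
    fi
    subject=$1
    shift
    for rcpt in "$@"; do
        if ! is_safe_recipient "$rcpt"; then
            printf 'send_mail: rejected recipient: %s\n' "$rcpt" >&2
            return 1
        fi
    done
    # Arguments are passed as separate words, never through eval or sh -c.
    "${MAILX:-mailx}" -s "$subject" -- "$@"
}

# Constructed sample inputs: show which ones the filter accepts.
for candidate in 'alice@example.com' '-v@example.com' 'bob;x@example.com'; do
    if is_safe_recipient "$candidate"; then
        echo "accept: $candidate"
    else
        echo "reject: $candidate"
    fi
done
```

The validation and the "--" separator are complementary: the first keeps unexpected characters out of the address, the second keeps any address from being read as an option.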


  • centos-upgrade-mailx
