CVE-2014-7209

Related Files

Ubuntu Security Notice USN-2453-1

Posted Jan 7, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2453-1 - Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary, shell

systems | linux, ubuntu

advisories | CVE-2014-7209

SHA-256 | 519a4169b63e7dd1fac5f92c80d83d0c4d3a4892ca2ea98747109a50df6492e9

Download | Favorite | View

Debian Security Advisory 3114-1

Posted Dec 29, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3114-1 - Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code.

tags | advisory, arbitrary, shell

systems | linux, debian

advisories | CVE-2014-7209

SHA-256 | d0d564ef0b65527a21eee4ab3d08a36dc96badae881dd56d032b2a6b2a4adc01

Download | Favorite | View