Vulnerabilities > CVE-2002-1271 - Remote Command Execution vulnerability in PERL-MailTools
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-076.NASL description A vulnerability was discovered in Mail::Mailer perl module by the SuSE security team during an audit. The vulnerability allows remote attackers to execute arbitrary commands in certain circumstances due to the usage of mailx as the default mailer, a program that allows commands to be embedded in the mail body. This module is used by some auto-response programs and spam filters which make use of Mail::Mailer. last seen 2020-06-01 modified 2020-06-02 plugin id 13975 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13975 title Mandrake Linux Security Advisory : perl-MailTools (MDKSA-2002:076) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2002:076. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13975); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-1271"); script_xref(name:"MDKSA", value:"2002:076"); script_name(english:"Mandrake Linux Security Advisory : perl-MailTools (MDKSA-2002:076)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A vulnerability was discovered in Mail::Mailer perl module by the SuSE security team during an audit. The vulnerability allows remote attackers to execute arbitrary commands in certain circumstances due to the usage of mailx as the default mailer, a program that allows commands to be embedded in the mail body. This module is used by some auto-response programs and spam filters which make use of Mail::Mailer." ); script_set_attribute( attribute:"solution", value:"Update the affected perl-MailTools package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-MailTools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2002/11/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK7.2", reference:"perl-MailTools-1.47-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.0", reference:"perl-MailTools-1.47-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", reference:"perl-MailTools-1.47-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", reference:"perl-MailTools-1.47-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", reference:"perl-MailTools-1.47-1.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-386.NASL description The SuSE security team discovered during an audit a bug in Mail::Mailer, a Perl module used for sending email, whereby potentially untrusted input is passed to a program such as mailx, which may interpret certain escape sequences as commands to be executed. This bug has been fixed by removing support for programs such as mailx as a transport for sending mail. Instead, alternative mechanisms are used. last seen 2020-06-01 modified 2020-06-02 plugin id 15223 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15223 title Debian DSA-386-1 : libmailtools-perl - input validation bug code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-386. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15223); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2002-1271"); script_bugtraq_id(6104); script_xref(name:"DSA", value:"386"); script_name(english:"Debian DSA-386-1 : libmailtools-perl - input validation bug"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "The SuSE security team discovered during an audit a bug in Mail::Mailer, a Perl module used for sending email, whereby potentially untrusted input is passed to a program such as mailx, which may interpret certain escape sequences as commands to be executed. This bug has been fixed by removing support for programs such as mailx as a transport for sending mail. Instead, alternative mechanisms are used." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2003/dsa-386" ); script_set_attribute( attribute:"solution", value: "For the stable distribution (woody) this problem has been fixed in version 1.44-1woody1. We recommend that you update your libmailtools-perl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmailtools-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2003/09/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"libmailtools-perl", reference:"1.44-1woody2")) flag++; if (deb_check(release:"3.0", prefix:"mailtools", reference:"1.44-1woody2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://marc.info/?l=bugtraq&m=103659723101369&w=2
- http://marc.info/?l=bugtraq&m=103679569705086&w=2
- http://www.debian.org/security/2003/dsa-386
- http://www.iss.net/security_center/static/10548.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
- http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html
- http://www.securityfocus.com/bid/6104