• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
20000711 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20000712)
Votes (Legacy)
ACCEPT(2) Levy, Ozancin
MODIFY(1) Frech
NOOP(2) LeBlanc, Wall
REVIEWING(1) Christey
Comments (Legacy)
 Frech> XF:sgi-mailx-bo(1371)
   CVE-2000-0545 seems to be a dupe of CVE-1999-0125 (Buffer overflow in SGI
   IRIX mailx program) since they both allow 'mail' group privileges. There was
   no exploit for SGI's vuln to compare.
 Christey> Since we are taking a split-by-default approach when
   there are insufficient details, we should keep this
   separate from CVE-1999-0125.  The difference in the
   time of discovery is also a factor, even if these wind
   up being the same problem.  However, there just aren't
   enough details to be sure if this is the same problem or not.
 Christey> On June 25, 1998, a buffer overflow in mailx via the HOME
   environmental variable was posted at:
   BUGTRAQ:19980625 security hole in mailx
   This affected multiple OSes.
   SGI:19980605-01-PX (CVE-1999-0125) was published on September
   29, 1998; while the advisory is short on details, it does
   mention a buffer overflow.
   So, there's enough distinction here (time and what gets
   exploited) to say that these should remain split; but
   CVE-1999-0125 likely needs to be RECAST to mention other
   affected OSes.

Proposed (Legacy)
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.