
pine: remote exploits

Package(s): pine
CVE #(s): CAN-2003-0720, CAN-2003-0721
Created: September 11, 2003
Updated: September 17, 2003
Description: Pine, developed at the University of Washington, is a tool for reading, sending, and managing electronic messages (including mail and news).

A buffer overflow exists in the way unpatched versions of Pine prior to 4.57 handle the 'message/external-body' type. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0720 to this issue.

An integer overflow exists in the Pine MIME header parsing in versions prior to 4.57. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0721 to this issue.

A remote attacker could exploit either of these flaws by sending the victim a carefully crafted email, which will execute arbitrary code when it is opened using Pine.

Alerts:
Gentoo 200309-10 net-mail/pine 2003-09-16
Conectiva CLA-2003:738 pine 2003-09-12
Slackware SSA:2003-253-01 pine 2003-09-10
EnGarde ESA-20030911-022 pine 2003-09-11
SuSE SuSE-SA:2003:037 pine 2003-09-11
Red Hat RHSA-2003:273-01 pine 2003-09-11


pine: remote exploits

Posted Sep 18, 2003 9:12 UTC (Thu) by vmlinuz (guest, #24)

Just for reference, there is no released Pine 4.57 - they skipped that completely and went to 4.58. I don't quite know why, but I'd guess that 4.57 was already under development, but not ready for release, so 4.58 is just 4.56 with the holes fixed...


Copyright © 2025, Eklektix, Inc.