Rapid7 Vulnerability & Exploit Database

RHSA-2003:274: pine security update

Back to Search

RHSA-2003:274: pine security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
09/17/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/12/2017

Description

Updated Pine packages that resolve remotely exploitable security issues are now available.

Pine, developed at the University of Washington, is a tool for reading, sending, and managing electronic messages (including mail and news). A buffer overflow exists in the way unpatched versions of Pine prior to 4.57 handle the 'message/external-body' type. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0720 to this issue. An integer overflow exists in the Pine MIME header parsing in versions prior to 4.57. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0721 to this issue. Both of these flaws could be exploited by a remote attacker sending a carefully crafted email to the victim that will execute arbitrary code when the email is opened using Pine. All users of Pine are advised to upgrade to these erratum packages, which contain a backported security patch correcting these issues. Red Hat would like to thank iDefense for bringing these issues to our attention and the University of Washington for the patch.

Solution(s)

  • redhat-upgrade-pine

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;