
[linux-security] buffer overflow in pine



Topic
=====
buffer overflow in pine's header parsing code leads to a DoS attack
and possibly to execution of arbitrary code

Problem Description
===================
A security problem was found in versions of Pine 4.44 and earlier. In these
versions, Pine does not allocate enough memory for the parsing and escaping
of the "From" header, allowing a carefully crafted email to cause a
buffer overflow on the heap. This will result in Pine crashing.
It is unclear whether the same bug can be used to execute arbitrary code.
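The bug class described above (too little heap memory reserved for the escaped "From" header) is best illustrated by the defensive pattern that avoids it: compute the worst-case escaped length before allocating, and bound every write against that capacity. The following is an added example written for this post, not Pine's code; the escaping rule (backslash before '"' and '\') and the function names are assumptions made for the illustration, not what Pine itself does.

```c
/* Added example, not Pine's code: size the output buffer for header
 * escaping before writing into it, and bound every write. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Worst case for backslash-escaping '"' and '\\': every input byte may
 * double, plus one byte for the terminating NUL. Returns 0 if the
 * arithmetic would wrap. (Assumed escaping rule, for this example only.) */
size_t escaped_capacity(const char *in)
{
    size_t n = strlen(in);
    if (n > (SIZE_MAX - 1) / 2)
        return 0;                      /* 2*n + 1 would overflow size_t */
    return 2 * n + 1;
}

/* Escape '"' and '\\' into a freshly allocated buffer. Returns NULL on
 * any failure. A header that is mostly quotes or backslashes expands to
 * nearly twice its length, which is exactly the input that overflows a
 * buffer sized from the raw length alone. */
char *escape_header_value(const char *in)
{
    size_t cap = escaped_capacity(in);
    if (cap == 0)
        return NULL;

    char *out = malloc(cap);
    if (out == NULL)
        return NULL;

    size_t j = 0;
    for (const char *p = in; *p != '\0'; p++) {
        size_t need = (*p == '"' || *p == '\\') ? 2 : 1;
        /* Defense in depth: refuse to write past cap even if the
         * capacity computation and the loop ever disagree. */
        if (j + need + 1 > cap) {      /* bytes for this char + NUL */
            free(out);
            return NULL;
        }
        if (need == 2)
            out[j++] = '\\';
        out[j++] = *p;
    }
    out[j] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample input: a display name with quotes and a backslash. */
    const char *from = "Alice \"A\\B\" <alice@example.invalid>";
    char *escaped = escape_header_value(from);
    if (escaped == NULL) {
        fprintf(stderr, "escape failed\n");
        return 1;
    }
    printf("raw length %zu, capacity %zu, escaped length %zu\n",
           strlen(from), escaped_capacity(from), strlen(escaped));
    printf("%s\n", escaped);
    free(escaped);
    return 0;
}
```

The point of `escaped_capacity` is that the allocation is derived from the escaping rule, not from `strlen` of the raw header; the bound check inside the loop is there so that a later change to the escaping rule cannot silently reintroduce a heap overflow.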

Affected Systems
================
All versions of pine < 4.50.

Workaround (recommended)
========================
Uninstall pine, use elm or mutt.

Solution
========
Upgrade to version 4.50 or to the patched version for your distribution.

RedHat 6.x
----------
rpm -Fvh pine-4.44-1.62.1.i386.rpm

RedHat 7.0
----------
rpm -Fvh pine-4.44-1.70.2.i386.rpm

RedHat 7.1
----------
rpm -Fvh pine-4.44-1.71.1.i386.rpm

RedHat 7.2
----------
rpm -Fvh pine-4.44-1.72.2.i386.rpm

RedHat 7.3
----------
rpm -Fvh pine-4.44-7.73.0.i386.rpm

RedHat 8.0
----------
rpm -Fvh pine-4.44-14.80.0.i386.rpm

Mandrake 7.2, 8.x
-----------------
rpm -Fvh pine-4.50-1.1mdk.i586.rpm

SuSE-7.1
--------
rpm -Fvh pine-4.33-263.i386.rpm

SuSE-7.2, 7.3
-------------
rpm -Fvh pine-4.33-266.i386.rpm

SuSE-8.0
--------
rpm -Fvh pine-4.44-222.i386.rpm

SuSE-8.1
--------
rpm -Fvh pine-4.44-224.i386.rpm