Bugtraq mailing list archives

Re: MDKSA-2000:073 - pine update

From: Kris Kennaway <kris () FREEBSD ORG>
Date: Tue, 21 Nov 2000 23:57:47 -0800

On Mon, Nov 20, 2000 at 06:19:42PM -0700, Linux Mandrake Security Team wrote:

Problem Description:

 By adding specific headers to messages, the pine mail reader could be
 made to exit with an error message when users attempted to manipulate
 mail folders containing those messages.


The most recent problem was worse than that; remote code
execution. This seems to describe an older vulnerability in pine.

See the following advisories for reference, on

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories:

-rw-r--r--  1 1001  207  4196 Sep 17 08:51 FreeBSD-SA-00:47.pine.asc
-rw-r--r--  1 1001  207  4136 Oct 30 23:04 FreeBSD-SA-00:59.pine.asc

Kris

Attachment: _bin
Description:

Current thread:

MDKSA-2000:073 - pine update Linux Mandrake Security Team (Nov 22)
- Re: MDKSA-2000:073 - pine update Kris Kennaway (Nov 24)