[17749] in bugtraq
Re: MDKSA-2000:073 - pine update
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Thu Nov 23 17:53:43 2000
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU"
Content-Disposition: inline
Message-ID: <20001121235747.A1623@citusc17.usc.edu>
Date: Tue, 21 Nov 2000 23:57:47 -0800
Reply-To: Kris Kennaway <kris@FREEBSD.ORG>
From: Kris Kennaway <kris@FREEBSD.ORG>
X-To: Linux Mandrake Security Announcements
<security-announce@linux-mandrake.com>,
Linux Mandrake Security <mdk-security@freezer-burn.org>,
Linux Security List <linuxlist@securityportal.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001120181942.A13080@mandrakesoft.com>; from
security@LINUX-MANDRAKE.COM on Mon, Nov 20,
2000 at 06:19:42PM -0700
--EeQfGwPcQSOJBaQU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Nov 20, 2000 at 06:19:42PM -0700, Linux Mandrake Security Team wrote:
> Problem Description:
>
> By adding specific headers to messages, the pine mail reader could be
> made to exit with an error message when users attempted to manipulate
> mail folders containing those messages.
The most recent problem was worse than that; remote code
execution. This seems to describe an older vulnerability in pine.
See the following advisories for reference, on
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories:
-rw-r--r-- 1 1001 207 4196 Sep 17 08:51 FreeBSD-SA-00:47.pine.asc
-rw-r--r-- 1 1001 207 4136 Oct 30 23:04 FreeBSD-SA-00:59.pine.asc
Kris
--EeQfGwPcQSOJBaQU
Content-Type: application/pgp-signature
Content-Disposition: inline
--EeQfGwPcQSOJBaQU--