Pine display_parameters buffer overflow

pine-display-parameters-bo (13150)

High Risk

Description:

Pine (Program for Internet News & Email) is vulnerable to a buffer overflow, caused by improper bounds checking in the display_parameters. By sending an email message with an overly long name attribute, a remote attacker could overflow a buffer and execute arbitrary code on the system, once the victim opens the malicious email.

Platforms Affected:

• Conectiva, Linux 7.0
• Conectiva, Linux 8.0
• Conectiva, Linux 9.0
• EngardeLinux, Secure Community 1.0.1
• EngardeLinux, Secure Linux
• EngardeLinux, Secure Professional
• RedHat, Enterprise Linux 2.1 AW
• RedHat, Enterprise Linux 2.1 WS
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Enterprise Linux 2.1 ES
• RedHat, Linux 7
• RedHat, Linux 7.1
• RedHat, Linux 7.2
• RedHat, Linux 7.3
• RedHat, Linux 8.0
• RedHat, Linux 9.0
• RedHat, Linux Advanced Workstation 2.1 Itanium
• SGI, IRIX 2.2.1
• SGI, IRIX 2.3
• Slackware, Slackware Linux 8.1
• Slackware, Slackware Linux 9.0
• Slackware, Slackware Linux current
• SuSE, Linux Enterprise Server 8
• SuSE, SuSE eMail Server 3.1
• SuSE, SuSE eMail Server III
• SuSE, SuSE Linux 7.2
• SuSE, SuSE Linux 7.3
• SuSE, SuSE Linux 8.0
• SuSE, SuSE Linux 8.1
• SuSE, SuSE Linux 8.2
• SuSE, SuSE Linux Connectivity Server
• SuSE, SuSE Linux Database Server
• SuSE, SuSE Linux Desktop 1.0
• SuSE, SuSE Linux Enterprise Server 7.0
• SuSE, SuSE Linux Firewall
• SuSE, SuSE Linux Office Server
• Turbolinux, Turbolinux Workstation 6.0
• University of Washington, Pine 4.56 and prior

Remedy:

Upgrade to the latest version of Pine (4.58 or later), available from the University of Washington Web site. See References.

For Red Hat Linux:
Upgrade to the latest pine package, as listed below. Refer to RHSA-2003:273-04 for more information. See References.

Red Hat 7.1: 4.44-19.71.0 or later
Red Hat 7.2: 4.44-19.72.0 or later
Red Hat 7.3: 4.44-19.73.0 or later
Red Hat 8.0: 4.44-19.80.0 or later
Red Hat 9: 4.44-19.90.0 or later

For Red Hat Linux:
Upgrade to the latest pine package, as listed below. Refer to RHSA-2003:274-05 for more information. See References.

Red Hat Enterprise Linux 2.1AS, 2.1ES, 2.1WS and Red Hat Linux Advanced Workstation 2.1: 4.44-19.21AS or later

For SuSE Linux:
Upgrade to the latest pine package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2003:037 for more information. See References.

SuSE Linux 8.2 (Intel): 4.53-109 or later
SuSE Linux 8.1: 4.44-283 or later
SuSE Linux 8.0: 4.44-281 or later
SuSE Linux 7.3: 4.33-280 or later
SuSE Linux 7.2: 4.33-279 or later
SuSE Linux 7.3 (Sparc): 4.33-101 or later
SuSE Linux 7.3 (PPC): 4.33-153 or later

For Slackware Linux:
Upgrade to the latest pine package, as listed below. Refer to slackware-security Mailing List, Wed Sep 10 20:47:53 PDT 2003 for more information. See References.

Slackware Linux 8.1, 9.0, and -current: 4.58 or later

For Conectiva Linux:
Upgrade to the latest pine package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2003:738 for more information. See References.

Conectiva Linux 7.0: 4.50L-1U70_2cl or later
Conectiva Linux 8: 4.50L-1U80_2cl or later
Conectiva Linux 9: 4.53L-22751U90_1cl or later

For EnGarde Secure Linux Community Edition and Professional Edition:
Upgrade to the latest pine package (4.50-1.0.10 or later), as listed in Guardian Digital Security Advisory ESA-20030911-022. See References.

For Turbolinux:
Upgrade to the latest pine package (4.58-2 or later), as listed in Turbolinux Security Advisory TLSA-2003-57. See References.

For SGI IRIX:
Apply the patch for this vulnerability, as listed in SGI Security Advisory 20031002-01-U. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• BugTraq Mailing List, Wed Sep 10 2003 - 15:03:04 CDT , Two Exploitable Overflows in PINE at http://archives.neohapsis.com/archives/bugtraq/2003-09/0181.html.
• Conectiva Linux Security Announcement CLSA-2003:738, pine at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000738.
• Guardian Digital Security Advisory ESA-20030911-022, pine at http://www.linuxsecurity.com/content/view/105344/101/. (From LinuxSecurity archive)
• iDEFENSE Security Advisory 09.10.03, Two Exploitable Overflows in PINE at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=5.
• SGI Security Advisory 20031002-01-U, SGI Advanced Linux Environment security update #3 at ftp://patches.sgi.com/support/free/security/advisories/20031002-01-U.asc.
• slackware-security Mailing List, Wed Sep 10 20:47:53 PDT 2003, security issues in pine (SSA:2003-253-01) at http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.347016.
• University of Washington Web site, Pine Information Center at http://www.washington.edu/pine/.
• BID-8588: Pine Message/External-Body Type Attribute Buffer Overflow Vulnerability
• CVE-2003-0720: Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
• RHSA-2003-273: Updated pine packages fix vulnerabilities
• RHSA-2003-274: pine security update
• SUSE-SA:2003:037: pine: remote code execution

Reported:

Sep 10, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page