Vulnerabilities > CVE-2002-1320 - Unspecified vulnerability in University of Washington Pine
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").
Vulnerable Configurations
Exploit-Db
| description | Pine 4.x From: Field Heap Corruption Vulnerability. CVE-2002-1320 . Dos exploit for linux platform |
| id | EDB-ID:21985 |
| last seen | 2016-02-02 |
| modified | 2002-11-07 |
| published | 2002-11-07 |
| reporter | lsjoberg |
| source | https://www.exploit-db.com/download/21985/ |
| title | Pine 4.x From: Field Heap Corruption Vulnerability |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PINE_450.NASL description The following package needs to be updated: iw-pine last seen 2016-09-26 modified 2004-07-06 plugin id 12601 published 2004-07-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=12601 title FreeBSD : pine remote denial-of-service attack (150) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2002-271.NASL description A vulnerability in Pine version 4.44 and earlier releases can cause Pine to crash when sent a carefully crafted email. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 Pine, developed at the University of Washington, is a tool for reading, sending, and managing electronic messages (including mail and news). A security problem was found in versions of Pine 4.44 and earlier. In these verions, Pine does not allocate enough memory for the parsing and escaping of the last seen 2020-06-01 modified 2020-06-02 plugin id 12338 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12338 title RHEL 2.1 : pine (RHSA-2002:271) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_5ABFEE2D5D8211D880E30020ED76EF5A.NASL description An attacker may send a specially-formatted email message that will cause pine to crash. last seen 2020-06-01 modified 2020-06-02 plugin id 37439 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37439 title FreeBSD : pine remote denial-of-service attack (5abfee2d-5d82-11d8-80e3-0020ed76ef5a) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-084.NASL description A vulnerability was discovered in pine while parsing and escaping characters of email addresses; not enough memory is allocated for storing the escaped mailbox part of the address. The resulting buffer overflow on the heap makes pine crash. This new version of pine, 4.50, has the vulnerability fixed. It also offers many other bug fixes and new features. last seen 2020-06-01 modified 2020-06-02 plugin id 13982 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13982 title Mandrake Linux Security Advisory : pine (MDKSA-2002:084)
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551
- http://marc.info/?l=bugtraq&m=103668430620531&w=2
- http://marc.info/?l=bugtraq&m=103884988306241&w=2
- http://www.iss.net/security_center/static/10555.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php
- http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
- http://www.novell.com/linux/security/advisories/2002_046_pine.html
- http://www.redhat.com/support/errata/RHSA-2002-270.html
- http://www.redhat.com/support/errata/RHSA-2002-271.html
- http://www.securityfocus.com/bid/6120