CVE-2003-0721

Integer signedness error in rfc2231getparam from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number...

Выполнение команд через pine

К письму может быть прикреплен файл, содержащий скрипт, который будет выполнен с привилегиями пользователя pine...

pine.420.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I reported the vulnerability below to the Pine team on Oct 21, when 4.20 was current. 4.21 which I just noticed on freshmeat seems to fix the problem even though it's not mentioned in the release notes. Since it's not, I thought some disclosure was in...

pinepolicy.txt

Date: Mon, 7 Sep 1998 12:18:28 +0100 From: Chris Wilson Hey people, I've discovered a vulnerability in Pine, tested on version 3.95q, but which probably applies to all versions up to 4.02. This vulnerability allows users to bypass site policies and use Pine to run arbitrary commands in the user's...