155 matches found
CVE-2002-1320
Pine 4.44 and earlier allows remote attackers to cause a denial of service core dump and failed restart via an email message with a From header that contains a large number of quotation marks "...
Pine MUA contains buffer overflow in addr_list_string()
Overview Pine is a mail user agent MUA written and distributed by the University of Washington. Some versions contain a buffer overflow vulnerability in email address handling. Description Versions of Pine prior to 4.50 contain a remotely exploitable buffer overflow in the addrliststring function...
Buffer overflow in pine
Buffer overflow if address contains special characters...
Remote pine Denial of Service
Security Advisory 23rd October 2002 Remote pine version 4.44 denial of service Name: Pine version 4.44 Arch: Redhat 7.2 i386 Severity: Medium Vendor URL: http://www.washington.edu/pine/ Author: Linus Sjberg [email protected] Vendor notified: 14:th October 2002 Vendor response: 14:th October 2002...
Pine 4.x - From: Heap Corruption
Pine 4.x - From: Heap Corruption source: https://www.securityfocus.com/bid/6120/info A heap corruption may occur when Pine receives an email message containing a particularly crafted "From:" address. Though the address is RFC compliant, Pine reportedly fails to parse it correctly, resulting in a...
pine remote denial-of-service attack
An attacker may send a specially-formatted email message that will cause pine to crash...
CVE-2002-0014
URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters &...
Pine 4.x - Empty MIME Boundary Denial of Service
Pine 4.x - Empty MIME Boundary Denial of Service source: https://www.securityfocus.com/bid/5301/info Pine is an open source mail user agent distributed by the University of Washington. It is freely available for Unix, Linux, and Microsoft Operating Systems. When a mail is received by pine that...
Denial of Service bug in Pine 4.44
Hi, while using pine I found a small bug which causes pine to crash. When opening a MIME encoded mail with a blank boundary, pine will crash. The header looks like this: ... Content-Type: multipart/mixed; boundary="" Mime-Version: 1.0 ... This is no dangerous bug and you can simply delete the...
pine DoS
Empty boundary field causes pine to crash...
Pine 4.x - Empty MIME Boundary Denial of Service
source: https://www.securityfocus.com/bid/5301/info Pine is an open source mail user agent distributed by the University of Washington. It is freely available for Unix, Linux, and Microsoft Operating Systems. When a mail is received by pine that contains MIME content, and the value of the MIME...
Pine update fixes insecure URL-handling
Pine 4.44 packages are now available to fix a problem with insecure URL handling. Here's the information from the Slackware 8.0 ChangeLog: Sat Jan 12 13:05:33 PST 2002 patches/packages/pine.tgz: Fix a security problem with pine by upgrading to pine4.44. More details from the Pine Announcement Lis...
FreeBSD-SA-02:05.pine
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:05 Security Advisory FreeBSD, Inc. Topic: pine port insecure URL handling REVISED Category: ports Module: pine Announced: 2002-01-04 Revised: 2002-01-10 Credits: zen-pars...
CVE-2001-0736
Vulnerability in 1 pine before 4.33 and 2 the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0736
This CVE (CVE-2001-0736) affects the Pine email client (and pico editor) prior to version 4.33, where a local user can overwrite arbitrary files via a symlink attack. The vulnerability allows any local user to overwrite files owned by other users, including root, under certain conditions. A fix i...
CVE-2001-0736
Vulnerability in 1 pine before 4.33 and 2 the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack...
CVE-1999-1187
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail...
CVE-1999-1187
Pine mail client (before version 3.94) is affected by a local privilege escalation vulnerability where a symlink attack on the mail-notification lockfile is exploitable when a user receives new mail. The underlying issue is a symlink attack allowing a local user to gain privileges. There is no ex...
Pine / IMAP bug?
I am not sure if this is a known issue but here goes: By sending a small message by directly telnetting to port 25 and doing the following I was able to crash Pine: someone@somehost telnet some.mail.server 25 Trying xxx.xxx.xxx.xxx... Connected to some.mail.server. Escape character is '^'. 220...
CVE-2001-0273
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard GnuPG, which causes the message to be sent in cleartext...