155 matches found
CVE-2000-0352
Technical details about CVE-2000-0352 are not provided in the connected documents. The initial entry lists the Pine vulnerability but no additional specifics. Monitor for updates.
CVE-2000-0353
Pine 4.x is affected by CVE-2000-0353. A remote attacker can trigger arbitrary commands by providing an index.html that executes lynx to fetch a uudecoded file from a malicious web server, which is then executed by Pine. Impact is described as full confidentiality, integrity, and availability com...
CVE-2000-0353
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine...
Выполнение команд через pine
К письму может быть прикреплен файл, содержащий скрипт, который будет выполнен с привилегиями пользователя pine...
pine.420.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I reported the vulnerability below to the Pine team on Oct 21, when 4.20 was current. 4.21 which I just noticed on freshmeat seems to fix the problem even though it's not mentioned in the release notes. Since it's not, I thought some disclosure was in...
CVE-2000-0352
Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL...
pine.4.xx.lockfile.txt
Date: Sun, 5 Mar 1999 01:41:25 +0100 From: Michal Zalewski Lockfile vunerability in pine 4.xx Linux The problem is probably well known, but silently ignored by pine vendors. Unfortunately, it's possible to turn 'mostly harmless feature' in something nasty - following code allows various DoSes by...
pine4.10-remote.txt
Date: Mon, 8 Feb 1999 00:22:17 +0100 From: Michal Zalewski To: [email protected] Subject: remote exploit on pine 4.10 - neverending story? Affected systems: ----------------- Any Unx system running 'pine' up to version 4.10 latest. Compromise: ----------- Remote execution of arbitrary code whe...
pinepolicy.txt
Date: Mon, 7 Sep 1998 12:18:28 +0100 From: Chris Wilson Hey people, I've discovered a vulnerability in Pine, tested on version 3.95q, but which probably applies to all versions up to 4.02. This vulnerability allows users to bypass site policies and use Pine to run arbitrary commands in the user's...
ipop3d.4.xx.lockfile.DoS.txt
Date: Sun, 7 Mar 1999 01:41:25 +0100 From: Michal Zalewski Lockfile vunerability in ipop3d 4.xx The problem is probably well known, but silently ignored by pine vendors. Unfortunately, it's possible to turn 'mostly harmless feature' in something nasty - following code allows various DoSes by...
hhp-pine_adv0004.txt
The hhp presents... The hhp-pine remote exploit advisory. 6/22/99 By: elaich aka LoopHole of the hhp. http://hhp.hemp.net/ --------------------------------------------------------- A few months ago I found a bigger problem with the charset bug then imagined. With a uuencode/uudecode method in the...
pine-bof-10000.txt
Date: Mon, 8 Feb 1999 21:19:29 +0000 From: Chris Evans To: [email protected] Subject: Pine again : Hi, PINE seems to be flavour of the month so I'll add to Michal's post. This is much less serious than Michal's problem but probably noteworthy anyway. PINE can be made to crash if /var/spool/mai...
pine.4.xx.bof.txt
Date: Sun, 7 Mar 1999 01:41:25 +0100 From: Michal Zalewski Overflow in pine 4.xx Linux pine 4.xx, at least on Linux platform, have serious security hole. When data is read from so-called mailbox lock created in /tmp directory this happens under certain conditions - please refer exploit code below...
CVE-2000-0353
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine...
CVE-1999-1187
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail...