RHEL 2.1 : pine (RHSA-2003:274)

high Nessus Plugin ID 12420

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated Pine packages that resolve remotely exploitable security issues are now available.

Pine, developed at the University of Washington, is a tool for reading, sending, and managing electronic messages (including mail and news).

A buffer overflow exists in the way unpatched versions of Pine prior to 4.57 handle the 'message/external-body' type. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0720 to this issue.

An integer overflow exists in the Pine MIME header parsing in versions prior to 4.57. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0721 to this issue.

Both of these flaws could be exploited by a remote attacker sending a carefully crafted email to the victim that will execute arbitrary code when the email is opened using Pine.

All users of Pine are advised to upgrade to these erratum packages, which contain a backported security patch correcting these issues.

Red Hat would like to thank iDefense for bringing these issues to our attention and the University of Washington for the patch.

Solution

Update the affected pine package.

See Also

https://access.redhat.com/security/cve/cve-2003-0721

https://access.redhat.com/errata/RHSA-2003:274

https://access.redhat.com/security/cve/cve-2003-0720

Plugin Details

Severity: High

ID: 12420

File Name: redhat-RHSA-2003-274.nasl

Version: 1.26

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:pine, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 9/11/2003

Vulnerability Publication Date: 9/17/2003

Reference Information

CVE: CVE-2003-0720, CVE-2003-0721

RHSA: 2003:274