(Slackware Issues Fix) Pine E-mail Client Buffer Overflows in Parsing Message Attributes Permit Remote Code Execution
|
|
SecurityTracker Alert ID: 1007678 |
|
SecurityTracker URL: http://securitytracker.com/id/1007678
|
|
CVE Reference:
CAN-2003-0720, CAN-2003-0721
(Links to External Site)
|
Updated: Dec 1 2003
|
Original Entry Date: Sep 11 2003
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.56 and prior versions
|
Description:
Two vulnerabilities were reported in the Pine e-mail client. A remote user can send e-mail that, when opened by the target user, will cause arbitrary code to be executed on the target user's system.
iDEFENSE reported that one of the vulnerabilities resides in the parsing of the message/external-body type attribute name/value pairs in the display_parameters() function in 'mailview.c'. A remote user can create an e-mail message where the length of the longest attribute is longer than the space allocated (SIZEOF_20KBUF = 20480 bytes) to hold the attribute.
The report also indicated that a separate integer overflow exists in the parsing of e-mail headers in the rfc2231_get_param() function in 'strings.c'. A remote user can cause an integer pointer to be set to a negative value that references an undefined index of a 64 byte character array, executing arbitrary user-supplied code.
|
Impact:
A remote user can send a specially crafted e-mail message that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
|
Solution:
Slackware has released a fix.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/pine-4.58-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/pine-4.58-i386-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/pine-4.58-i486-1.tgz
The MD5 Signatures are:
Slackware 8.1 package:
1d47105029acd69e42c9ed0740c44a6a pine-4.58-i386-1.tgz
Slackware 9.0 package:
eed870ae357057b8077035f50c5139d2 pine-4.58-i386-1.tgz
Slackware -current package:
3a81b024bea2c36386cde8a9e1c241f7 pine-4.58-i486-1.tgz
|
Vendor URL: www.washington.edu/pine/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Slackware)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 10 Sep 2003 23:04:50 -0700 (PDT)
Subject: [slackware-security] security issues in pine (SSA:2003-253-01)
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] security issues in pine (SSA:2003-253-01)
Upgraded pine packages are available for Slackware 8.1, 9.0 and
- -current. These fix two security problems found by iDEFENSE Labs
which could lead to arbitrary code execution when a specially
crafted email is processed by Pine.
This problem is fixed in Pine 4.58. Sites which use the Pine
mail reader should upgrade.
Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Wed Sep 10 20:47:53 PDT 2003
patches/packages/pine-4.58-i386-1.tgz: Upgraded to pine4.58.
This fixes two vulnerabilities in earlier PINE versions found
by iDEFENSE Labs
(see http://www.idefense.com/advisory/09.10.03.txt).
(* Security fix *)
+--------------------------+
WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/pine-4.58-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/pine-4.58-i386-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/pine-4.58-i486-1.tgz
MD5 SIGNATURES:
+-------------+
Slackware 8.1 package:
1d47105029acd69e42c9ed0740c44a6a pine-4.58-i386-1.tgz
Slackware 9.0 package:
eed870ae357057b8077035f50c5139d2 pine-4.58-i386-1.tgz
Slackware -current package:
3a81b024bea2c36386cde8a9e1c241f7 pine-4.58-i486-1.tgz
INSTALLATION INSTRUCTIONS:
+------------------------+
Upgrade using upgradepkg (as root):
# upgradepkg pine-4.58-i386-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/X/OTakRjwEAQIjMRAou0AJ9ZR37owvPQX9lMYa/njJhBXlHgrwCfYPUE
eXt1ii0Bu4TEDw5kFeGpYEk=
=agB0
-----END PGP SIGNATURE-----
|
|
