FreeBSD Local Security Checks : FreeBSD Ports: pine, zh-pine, iw-pine

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52525

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: pine, zh-pine, iw-pine

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

pine
zh-pine
iw-pine

CVE-2003-0720
Buffer overflow in PINE before 4.58 allows remote attackers to execute
arbitrary code via a malformed message/external-body MIME type.

CVE-2003-0721
Integer signedness error in rfc2231_get_param from strings.c in PINE
before 4.58 allows remote attackers to execute arbitrary code via an
email that causes an out-of-bounds array access using a negative
number.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0720
Bugtraq: 20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE (Google Search)
http://marc.info/?l=bugtraq&m=106322571805153&w=2
Bugtraq: 20030911 [slackware-security] security issues in pine (SSA:2003-253-01) (Google Search)
http://marc.info/?l=bugtraq&m=106329356702508&w=2
En Garde Linux Advisory: ESA-20030911-022
http://www.idefense.com/advisory/09.10.03.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499
http://www.redhat.com/support/errata/RHSA-2003-273.html
http://www.redhat.com/support/errata/RHSA-2003-274.html
SuSE Security Announcement: SuSE-SA:2003:037 (Google Search)
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0721
Bugtraq: 20030915 remote Pine <= 4.56 exploit fully automatic (Google Search)
http://marc.info/?l=bugtraq&m=106367213400313&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52525
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: pine, zh-pine, iw-pine
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: pine zh-pine iw-pine CVE-2003-0720 Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type. CVE-2003-0721 Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0720 Bugtraq: 20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE (Google Search) http://marc.info/?l=bugtraq&m=106322571805153&w=2 Bugtraq: 20030911 [slackware-security] security issues in pine (SSA:2003-253-01) (Google Search) http://marc.info/?l=bugtraq&m=106329356702508&w=2 En Garde Linux Advisory: ESA-20030911-022 http://www.idefense.com/advisory/09.10.03.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499 http://www.redhat.com/support/errata/RHSA-2003-273.html http://www.redhat.com/support/errata/RHSA-2003-274.html SuSE Security Announcement: SuSE-SA:2003:037 (Google Search) http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0721 Bugtraq: 20030915 remote Pine <= 4.56 exploit fully automatic (Google Search) http://marc.info/?l=bugtraq&m=106367213400313&w=2 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503
Copyright	Copyright (C) 2008 E-Soft Inc.