Pine 4.x 远程命令执行漏洞

漏洞信息详情

Pine 4.x 远程命令执行漏洞

• CNNVD编号：CNNVD-199906-032
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2000-0353
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  1999-06-28
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  university_of_washington
• 漏洞来源：
  Discovery informat…

Pine 4.x版本存在漏洞。远程攻击者通过index.html文件执行任意命令，其中的index.html文件执行lynx并且从一个有缺陷的网络服务器中获得uu解码文件，然后通过Pine执行。

S.u.S.E. has released patches for pine distributed with S.u.S.E. linux.
—-
Here are the md5 checksums of the upgrade packages, please verify these
before installing the new packages:
7696893534bb32b15d7d9191ffc1d95a pine-3.96-28.i386.rpm (5.3)
d70ef356f093683c85cba53cc573c1b5 pine-4.10-40.i386.rpm (6.1)
1bf7c1be43887933a2076faaf3e30297 pine-4.10-40.i386.rpm (6.2)
fdaaf79987d232473316f4cba64c4f91 pine-4.10-40.alpha.rpm (AXP)
University of Washington Pine 3.98

• S.u.S.E. 5.3 i386 pine
  ftp://ftp.suse.com/pub/suse/i386/update/5.3/n1/pine.rpm

University of Washington Pine 4.10

• S.u.S.E. 6.1 alpha pine
  ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/pine.rpm
• S.u.S.E. 6.1 i386 pine
  ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/pine.rpm
• S.u.S.E. 6.2 i386 pine
  ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/pine.rpm

来源: www.securiteam.com
链接:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html

来源: BID
名称: 1247
链接:http://www.securityfocus.com/bid/1247

来源: SUSE
名称: 19990628 Execution of commands in Pine 4.x
链接:http://www.novell.com/linux/security/advisories/suse_security_announce_6.html

来源: SUSE
名称: 19990911 Update for Pine (fixed IMAP support)
链接:http://www.novell.com/linux/security/advisories/pine_update_announcement.html