URLS的Pine环境变量扩展漏洞。

漏洞信息详情

URLS的Pine环境变量扩展漏洞。

• CNNVD编号：CNNVD-199911-060
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2000-0352
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  1999-11-18
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  university_of_washington
• 漏洞来源：
  First posted to Bu…

Pine 4.21之前版本不能正确过滤URLs中的shell元字符，远程攻击者通过有畸形的URL可以执行任意指令。

Caldera Linux:
Obtain the rpm from:
ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/
To install the rpm.
rpm -U pine-4.21-1.i386.rpm
the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

来源: BUGTRAQ
名称: 19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com

来源: BID
名称: 810
链接:http://www.securityfocus.com/bid/810

来源: SUSE
名称: 19991227 Security hole in Pine < 4.21
链接:http://www.novell.com/linux/security/advisories/suse_security_announce_36.html

来源: CALDERA
名称: CSSA-1999-036.0
链接:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt