Pine Empty MIME边界拒绝服务漏洞

漏洞信息详情

Pine Empty MIME边界拒绝服务漏洞

• CNNVD编号：CNNVD-200212-840
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-2325
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2002-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2002-12-31
  
• 厂        商：
  
  university_of_washington
• 漏洞来源：
  Vulnerability disc…

Internet Message Access Protocol (IMAP) dated 2002 RC2之前版本 c-client库存在漏洞，如Pine 4.20 到 4.44版本使用的。远程攻击者借助包含空边界字段Content – Type头的MIME编码邮件导致服务拒绝（客户端程序崩溃）。

It has been reported that using the source code attained from ftp://ftp.cac.washington.edu/imap/imap-2002.RC2.tar.Z in place of the IMAP source code contained in the Pine distribution, and rebuilding pine will fix this vulnerability.
The report suggests that replacing the code contained in the imap directory of pine with that from the above link, changing the value SET_DISABLEAUTOMATICSHAREDNAMESPACES to SET_DISABLEAUTOSHAREDNS in pine/pine.c, and rebuilding the client will rectify this issue.

来源: XF
名称: pine-blank-boundary-dos(9668)
链接:http://www.iss.net/security_center/static/9668.php

来源: BID
名称: 5301
链接:http://www.securityfocus.com/bid/5301

来源: BUGTRAQ
名称: 20020724 Denial of Service bug in Pine 4.44
链接:http://online.securityfocus.com/archive/1/284086