RHEL 2.1 : pine (RHSA-2003:274)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated Pine packages that resolve remotely exploitable security
issues are now available.

Pine, developed at the University of Washington, is a tool for
reading, sending, and managing electronic messages (including mail and
news).

A buffer overflow exists in the way unpatched versions of Pine prior
to 4.57 handle the 'message/external-body' type. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2003-0720 to this issue.

An integer overflow exists in the Pine MIME header parsing in versions
prior to 4.57. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0721 to this issue.

Both of these flaws could be exploited by a remote attacker sending a
carefully crafted email to the victim that will execute arbitrary code
when the email is opened using Pine.

All users of Pine are advised to upgrade to these erratum packages,
which contain a backported security patch correcting these issues.

Red Hat would like to thank iDefense for bringing these issues to our
attention and the University of Washington for the patch.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0720.html
https://www.redhat.com/security/data/cve/CVE-2003-0721.html
http://rhn.redhat.com/errata/RHSA-2003-274.html

Solution :

Update the affected pine package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12420 ()

Bugtraq ID:

CVE ID: CVE-2003-0720
CVE-2003-0721