RHEL 2.1 : pine (RHSA-2003:274)

High Nessus Plugin ID 12420


The remote Red Hat host is missing a security update.


Updated Pine packages that resolve remotely exploitable security issues are now available.

Pine, developed at the University of Washington, is a tool for reading, sending, and managing electronic messages (including mail and news).

A buffer overflow exists in the way unpatched versions of Pine prior to 4.57 handle the 'message/external-body' type. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0720 to this issue.

An integer overflow exists in the Pine MIME header parsing in versions prior to 4.57. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0721 to this issue.

Both of these flaws could be exploited by a remote attacker sending a carefully crafted email to the victim that will execute arbitrary code when the email is opened using Pine.

All users of Pine are advised to upgrade to these erratum packages, which contain a backported security patch correcting these issues.

Red Hat would like to thank iDefense for bringing these issues to our attention and the University of Washington for the patch.


Update the affected pine package.

See Also




Plugin Details

Severity: High

ID: 12420

File Name: redhat-RHSA-2003-274.nasl

Version: $Revision: 1.20 $

Type: local

Agent: unix

Published: 2004/07/06

Modified: 2016/12/28

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:pine, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2003/09/11

Reference Information

CVE: CVE-2003-0720, CVE-2003-0721

RHSA: 2003:274