 Pine E-mail Client Buffer Overflows in Parsing Message Attributes Permit Remote Code Execution
Category: Vulnerability
Posted: 2003-09-12 by ReCall
 Details
Description: Two vulnerabilities were reported in the Pine e-mail client. A remote user can send e-mail that, when opened by the target user, will cause arbitrary code to be executed on the target user's system.



iDEFENSE reported that one of the vulnerabilities resides in the parsing of the message/external-body type attribute name/value pairs in the display_parameters() function in 'mailview.c'. A remote user can create an e-mail message where the length of the longest attribute is longer than the space allocated (SIZEOF_20KBUF = 20480 bytes) to hold the attribute.



The report also indicated that a separate integer overflow exists in the parsing of e-mail headers in the rfc2231_get_param() function in 'strings.c'. A remote user can cause an integer pointer to be set to a negative value that references an undefined index of a 64-byte character array, executing arbitrary user-supplied code.
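The index check that this class of bug calls for, as an added example (not Pine's source and not the vendor's fix): the section number of an RFC 2231 continuation parameter is parsed into a wider type and range-checked before it is used as an index into a 64-entry table. The function names, `MAX_SECTIONS` and the sample attribute names are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SECTIONS 64   /* assumed table size, taken from the 64-byte array in the report */

/* Parse the section number N from an RFC 2231 continuation name such as
 * "filename*3" or "filename*3*" (hypothetical helper).
 * Returns N in [0, MAX_SECTIONS), or -1 if the name must be rejected. */
int rfc2231_section_index(const char *attr)
{
    const char *star = strchr(attr, '*');
    char *end;
    long n;

    /* Require a digit right after '*': rejects "*-1", "*+1" and "* 1",
     * all of which strtol() would otherwise accept. */
    if (star == NULL || star[1] < '0' || star[1] > '9')
        return -1;

    errno = 0;
    n = strtol(star + 1, &end, 10);

    /* Check the range while the value is still a long, so a huge number
     * cannot wrap to a negative int before the comparison. */
    if (errno == ERANGE || n < 0 || n >= MAX_SECTIONS)
        return -1;

    /* Only an optional trailing '*' (the "encoded" marker) may follow. */
    if (*end != '\0' && !(end[0] == '*' && end[1] == '\0'))
        return -1;

    return (int)n;
}

/* Record that a section was seen; never writes outside the table. */
int mark_section(char seen[MAX_SECTIONS], const char *attr)
{
    int idx = rfc2231_section_index(attr);

    if (idx < 0)
        return -1;
    seen[idx] = 1;
    return idx;
}
```

Checking only the upper bound of a signed index is the mistake to avoid: a negative value passes `n < MAX_SECTIONS` and addresses memory before the array.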



Impact: A remote user can send a specially crafted e-mail message that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.



Solution: The vendor has released a fixed version (4.58), available at:





http://www.washington.edu/pine/getpine/
 