J-Security Center

Title: Pine rfc2231_get_param() Remote Integer Overflow Vulnerability

Severity: HIGH

Description:

Pine is an e-mail client program used with Linux and Unix distributions.

It has been reported that Pine is prone to an integer overflow condition resulting in possible memory corruption and leading to arbitrary code execution.

The vulnerability exists in the rfc2231_get_param() function present in the strings.c file. The condition is triggered when a vulnerable user opens a maliciously crafted e-mail message sent by a remote attacker. The vulnerability exists due to insufficient bounds checking by the software when parsing e-mail message headers. Due to the possibility of memory corruption, an attacker may be able to execute arbitrary code in the security context of the vulnerable version of Pine.

Successful exploitation of this issue may allow an attacker to execute arbitrary code in order to gain unauthorized access to a vulnerable host.

Affected Products:

  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux ecommerce
  • Conectiva Linux graficas
  • EnGarde Secure Linux 1.0.1
  • HP Secure OS software for Linux 1.0.0
  • RedHat Enterprise Linux AS 2.1
  • RedHat Enterprise Linux AS 2.1 IA64
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux ES 2.1 IA64
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux WS 2.1 IA64
  • RedHat Linux 5.2.0 alpha
  • RedHat Linux 5.2.0 i386
  • RedHat Linux 5.2.0 sparc
  • RedHat Linux 6.0.0
  • RedHat Linux 6.0.0 alpha
  • RedHat Linux 6.0.0 sparc
  • RedHat Linux 6.1.0 alpha
  • RedHat Linux 6.1.0 i386
  • RedHat Linux 6.1.0 sparc
  • RedHat Linux 6.2.0 alpha
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 6.2.0 sparc
  • RedHat Linux 7.0.0
  • RedHat Linux 7.0.0 alpha
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.1.0 alpha
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.1.0 ia64
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux Advanced Work Station 2.1.0
  • S.u.S.E. Linux 5.3.0
  • S.u.S.E. Linux 6.1.0
  • S.u.S.E. Linux 6.1.0 alpha
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.1.0 alpha
  • S.u.S.E. Linux 7.1.0 ppc
  • S.u.S.E. Linux 7.1.0 sparc
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.2.0 i386
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 7.3.0 i386
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.0.0 i386
  • S.u.S.E. Linux 8.1.0
  • SGI ProPack 2.2.1
  • SGI ProPack 2.3.0
  • Slackware Linux 7.0.0
  • Slackware Linux 7.1.0
  • Sun Cobalt Qube 3
  • Sun Cobalt RaQ 4
  • Sun Cobalt RaQ 550
  • Sun Cobalt RaQ XTR
  • Sun Linux 5.0.0
  • Sun Linux 5.0.7
  • Turbolinux Turbolinux Workstation 6.0.0
  • University of Washington Pine 3.98.0
  • University of Washington Pine 4.0.2
  • University of Washington Pine 4.0.4
  • University of Washington Pine 4.10.0
  • University of Washington Pine 4.20.0
  • University of Washington Pine 4.21.0
  • University of Washington Pine 4.30.0
  • University of Washington Pine 4.33.0
  • University of Washington Pine 4.44.0
  • University of Washington Pine 4.50.0
  • University of Washington Pine 4.52.0
  • University of Washington Pine 4.53.0
  • University of Washington Pine 4.56.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.