Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0352

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0352
Last Modified 10 Sep 2008 03:04:12
Published 18 Nov 1999 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0352

Summary

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.

Vulnerable Systems

Application

  • University Of Washington Pine 4.20

  • University Of Washington Pine 4.21


References

BUGTRAQ - 19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)

BID - 810

SUSE - 19991227 Security hole in Pine < 4.21

CALDERA - CSSA-1999-036.0


Last Updated: 27 May 2016 10:35:40