Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0353

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0353
Last Modified 10 Sep 2008 03:04:12
Published 28 Jun 1999 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0353

Summary

Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.

Vulnerable Systems

Application

  • University Of Washington Pine 3.98

  • University Of Washington Pine 4.0

  • University Of Washington Pine 4.10

  • University Of Washington Pine 4.2


References

MISC - http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html

BID - 1247

SUSE - 19990628 Execution of commands in Pine 4.x

SUSE - 19990911 Update for Pine (fixed IMAP support)


Last Updated: 27 May 2016 10:35:40