Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2003-0721
Last Modified 10 Sep 2008 03:20:14
Published 17 Sep 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0721

Summary

Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.

Vulnerable Systems

Application

  • University Of Washington Pine 3.98

  • University Of Washington Pine 4.0.2

  • University Of Washington Pine 4.0.4

  • University Of Washington Pine 4.10

  • University Of Washington Pine 4.20

  • University Of Washington Pine 4.21

  • University Of Washington Pine 4.30

  • University Of Washington Pine 4.33

  • University Of Washington Pine 4.44

  • University Of Washington Pine 4.50

  • University Of Washington Pine 4.52

  • University Of Washington Pine 4.53

  • University Of Washington Pine 4.56


References

REDHAT - RHSA-2003:273

IDEFENSE - 20030910 Two Exploitable Overflows in PINE

REDHAT - RHSA-2003:274

FULLDISC - 20030911 Pine: .procmailrc rule against integer overflow

BUGTRAQ - 20030915 remote Pine <= 4.56 exploit fully automatic

BUGTRAQ - 20030911 [slackware-security] security issues in pine (SSA:2003-253-01)


Last Updated: 27 May 2016 10:38:01