Vulnerability Name: CVE-2003-0721 (CCN-13151)
Assigned: 2003-09-10
Published: 2003-09-10
Updated: 2018-05-03
Summary: Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN Type: SGI Security Advisory 20031002-01-U SGI Advanced Linux Environment security update #3
Source: CCN Type: BugTraq Mailing List, Wed Sep 10 2003 - 15:03:04 CDT Two Exploitable Overflows in PINE
Source: MITRE Type: CNA CVE-2003-0721
Source: CCN Type: Conectiva Linux Security Announcement CLSA-2003:738 pine
Source: FULLDISC Type: UNKNOWN 20030911 Pine: .procmailrc rule against integer overflow
Source: BUGTRAQ Type: UNKNOWN 20030911 [slackware-security] security issues in pine (SSA:2003-253-01)
Source: BUGTRAQ Type: UNKNOWN 20030915 remote Pine <= 4.56 exploit fully automatic
Source: CCN Type: RHSA-2003-273 Updated pine packages fix vulnerabilities
Source: CCN Type: RHSA-2003-274 pine security update
Source: IDEFENSE Type: Exploit, Patch, Vendor Advisory 20030910 Two Exploitable Overflows in PINE
Source: CCN Type: Guardian Digital Security Advisory ESA-20030911-022 pine
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2003:273
Source: REDHAT Type: UNKNOWN RHSA-2003:274
Source: CCN Type: BID-8589 Pine rfc2231_get_param() Remote Integer Overflow Vulnerability
Source: CCN Type: slackware-security Mailing List, Wed Sep 10 20:47:53 PDT 2003 security issues in pine (SSA:2003-253-01)
Source: CCN Type: TLSA-2003-57 Multiple vulnerabilities in pine
Source: CCN Type: University of Washington Web site Pine Information Center
Source: XF Type: UNKNOWN pine-rfc2231getparam-integer-overflow(13151)
Source: CCN Type: iDEFENSE Security Advisory 09.10.03 Two Exploitable Overflows in PINE
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:503
Source: SUSE Type: SUSE-SA:2003:037 pine: remote code execution
Vulnerable Configuration: Configuration 1: