漏洞信息详情
Pine 4.x 远程命令执行漏洞
- CNNVD编号:CNNVD-199906-032 <!--
- 危害等级: 超危-->
- 危害等级: 超危
- CVE编号: CVE-2000-0353
- 漏洞类型: 未知
- 发布时间: 1999-06-28
- 威胁类型: 远程
- 更新时间: 2005-05-02
- 厂 商: university_of_washington
- 漏洞来源: Discovery informat...
-
漏洞简介
Pine 4.x版本存在漏洞。远程攻击者通过index.html文件执行任意命令,其中的index.html文件执行lynx并且从一个有缺陷的网络服务器中获得uu解码文件,然后通过Pine执行。
漏洞公告
S.u.S.E. has released patches for pine distributed with S.u.S.E. linux. ---- Here are the md5 checksums of the upgrade packages, please verify these before installing the new packages: 7696893534bb32b15d7d9191ffc1d95a pine-3.96-28.i386.rpm (5.3) d70ef356f093683c85cba53cc573c1b5 pine-4.10-40.i386.rpm (6.1) 1bf7c1be43887933a2076faaf3e30297 pine-4.10-40.i386.rpm (6.2) fdaaf79987d232473316f4cba64c4f91 pine-4.10-40.alpha.rpm (AXP) University of Washington Pine 3.98
- S.u.S.E. 5.3 i386 pine ftp://ftp.suse.com/pub/suse/i386/update/5.3/n1/pine.rpm
- S.u.S.E. 6.1 alpha pine ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/pine.rpm
- S.u.S.E. 6.1 i386 pine ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/pine.rpm
- S.u.S.E. 6.2 i386 pine ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/pine.rpm
参考网址
来源: www.securiteam.com 链接:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html 来源: BID 名称: 1247 链接:http://www.securityfocus.com/bid/1247 来源: SUSE 名称: 19990628 Execution of commands in Pine 4.x 链接:http://www.novell.com/linux/security/advisories/suse_security_announce_6.html 来源: SUSE 名称: 19990911 Update for Pine (fixed IMAP support) 链接:http://www.novell.com/linux/security/advisories/pine_update_announcement.html
受影响实体
- University_of_washington Pine:3.98<!--2000-1-1-->
- University_of_washington Pine:4.0<!--2000-1-1-->
- University_of_washington Pine:4.10<!--2000-1-1-->
- University_of_washington Pine:4.2<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...