
Test ID: 1.3.6.1.4.1.25623.1.0.51558
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:551
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:551.

Pine is a text-based mail and news client developed by the Washington
University[1].

Linus Sjöberg (lsjoberg@aland.net) discovered[2] a vulnerability that
allows an attacker to send a fully legal e-mail message with the
From: header crafted in such a way that it will crash pine on
startup.

By exploiting this, an attacker can prevent the pine user from starting
the program to manage his/her mailbox. It was not confirmed whether it is
possible to execute arbitrary code by exploiting this vulnerability,
but such a possibility exists.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned[3] the name CVE-2002-1320 to this issue.

Please note that this new version of pine (4.50) includes several
new features and other bugfixes, as documented in the official
changelog[4].


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://www.washington.edu/pine/
http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1320
http://www.washington.edu/pine/changes/4.44-to-4.50.html
https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2002:551
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : Medium

CVSS Score: 5.0

Cross Reference: BugTraq ID: 6120
Common Vulnerability Exposure (CVE) ID: CVE-2002-1320
http://www.securityfocus.com/bid/6120
Bugtraq: 20021107 Remote pine Denial of Service
http://marc.info/?l=bugtraq&m=103668430620531&w=2
Bugtraq: 20021202 GLSA: pine
http://marc.info/?l=bugtraq&m=103884988306241&w=2
Conectiva Linux advisory: CLA-2002:551
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551
En Garde Linux Advisory: ESA-20021127-032
http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php
http://www.redhat.com/support/errata/RHSA-2002-270.html
http://www.redhat.com/support/errata/RHSA-2002-271.html
SuSE Security Announcement: SuSE-SA:2002:046
http://www.novell.com/linux/security/advisories/2002_046_pine.html
http://www.iss.net/security_center/static/10555.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
