Executive Summary

Summary
Title Updated Pine packages fix security vulnerability
Informations
Name RHSA-2005:015 First vendor Publication 2005-01-12
Vendor RedHat Last vendor Modification 2005-01-12
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated Pine package is now available for Red Hat Enterprise Linux 2.1 to fix a denial of service attack.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Pine is an email user agent.

The c-client IMAP client library, as used in Pine 4.44 contains an integer overflow and integer signedness flaw. An attacker could create a malicious IMAP server in such a way that it would cause Pine to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0297 to this issue.

Users of Pine are advised to upgrade to these erratum packages which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

97342 - CAN-2003-0279 c-client imap client

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-015.html

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 1
Application 1
Application 1

OpenVAS Exploits

Date Description
2008-09-04 Name : FreeBSD Ports: phpnuke
File : nvt/freebsd_phpnuke.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
57635 c-client IMAP Client literal_size Remote Overflow

11766 c-client IMAP Client Mailbox Size Overflow

6230 PHP-Nuke Web_Links Module Multiple Parameter SQL Injection

Nessus® Vulnerability Scanner

Date Description
2009-04-23 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_33ab4a47bfc111d8b00e000347a4fa7d.nasl - Type : ACT_GATHER_INFO
2005-02-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-114.nasl - Type : ACT_GATHER_INFO
2005-01-13 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2005-015.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:48:52
  • Multiple Updates
2013-05-11 12:22:44
  • Multiple Updates