[PLDSA 1-1] New pine packages fix remote denial of service
Krzysiek Taraszka
dzimi at pld.org.pl
Fri Nov 29 23:02:54 CET 2002
- --------------------------------------------------------------------------
PLD Security Advisory PLDSA 1-1 security at pld.org.pl
http://www.pld.org.pl/security/ PLD Security Team
29 November 2002 http://www.pld.org.pl/security/faq
- --------------------------------------------------------------------------
Package : pine prior to 4.44L-14
Vulnerability : denial of service
Problem-Type : remote
PLD-specific : no
Upstream URL : http://www.washington.edu/pine/
An attacker can send a fully legal email message with a crafted
From-header and thus forcing pine to core dump on startup.
The only way to launch pine is manually removing the bad message
either directly from the spool, or from another MUA. Until the
message has been removed or edited there is no way of accessing
the INBOX using pine.
When pine detects an email with a From-header looking like
From:
"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\""@host.fubar
it will die with a segmentation fault. Note that the address is fully
legal, even if quite unusable.
Since pine dumped core it might be possible to execute code on the victims
machine.
The above problems have been fixed in version 4.50L-1 for the
current stable distribution (ra).
We recommend that you upgrade your pine packages.
wget -c url
will fetch the file for you
rpm -Uhv file(s)*.rpm
will upgrade the referenced file.
If you are using "poldek" - the package manager, use the line as given below
for upgrade packages
poldek --update
will update the internal database
poldek --upgrade 'pine*'
will install corrected packages
If you are using "apt" - the package manager, use the line as given below
for upgrade packages
apt-get update
will update the internal database
apt-get upgrade 'pine*'
will install corrected packages
PLD Linux 1.0 alias ra
- --------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/pine-4.50L-1.src.rpm
MD5 checksum: 196cf67117f8875f74e806b350d6a9f1
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/pine-4.50L-1.i386.rpm
MD5 checksum: b7c34c8a309273b7e7abf785365e7b0d
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/pine-4.50L-1.i586.rpm
MD5 checksum: ccf92a843f1c103abb68f425b5458a82
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/pine-4.50L-1.i686.rpm
MD5 checksum: bf2dce29f0aa6c08d2b937f21d27600a
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/pine-4.50L-1.ppc.rpm
MD5 checksum: 2a3525950c49f0f70a8f2584552af5db
-
--------------------------------------------------------------------------------
-
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
More information about the pld-security-announce
mailing list