Bug 45125 (CVE-2003-0721)

Summary: VUL-0: CVE-2003-0721: buffer overflow & integer overflow in pine
Product: [Novell Products] SUSE Security Incidents
Reporter: Sebastian Krahmer <krahmer>
Component: Incidents
Assignee: Heiko Rommel <heiko.rommel>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2003-0721: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: putonftp file, patchinfo file

Description Sebastian Krahmer 2003-09-05 17:24:26 UTC
From vendor-sec:

Date: Thu, 4 Sep 2003 09:17:25 -0400
From: David Endler <DEndler@iDefense.com>
To: vendor-sec@lst.de
Cc: Steve Hubert <hubert@washington.edu>, Mark Crispin <MRC@CAC.Washington.EDU>
Subject: [vendor-sec] 2 security vulnerabilities in Pine

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

We're working on coordinating disclosure on two security
vulnerabilities in Pine.  The Pine team has just produced fixes and I
have recommended a disclosure date of Wednesday, September 10, Noon
EDT.

ISSUE 1: Pine buffer overflow in its handling of the
'message/external-body' type
CAN-2003-0720 has been assigned.  Details below.

ISSUE 2: Pine integer overflow in its MIME header parsing
CAN-2003-0721 has been assigned.  Details below.

The patch is available from

        ftp://ftp2.cac.washington.edu/pine/Private/pine4.56-securitypatch
              (MD5: d6de53cc07644a70e7ee617bd8be3cd7)

The new version of Pine source is also available from:

        ftp://ftp2.cac.washington.edu/pine/Private/pine4.57.tar.Z
              (MD5: 7cb3506988211db4c57a5435746740e8) or

        ftp://ftp2.cac.washington.edu/pine/Private/pine4.57.tar.gz
              (MD5: fa06085c22bcc318768959135690de43)
or
        ftp://ftp2.cac.washington.edu/pine/Private/pine4.57.tar.bz2
              (MD5: a17478aeb47cefb2b71832565f00e2ed)

Thanks,

- -dave
Comment 1 Sebastian Krahmer 2003-09-05 17:24:26 UTC
According to Mr. Endler there exists an exploit, but I doubt they give it out
now.
Comment 2 Roman Drahtmueller 2003-09-05 20:18:56 UTC
Sebastian, Heiko is on vacation. I'll work on the packages, can you handle the
putonftp and patchinfo files, please?

Roman.
Comment 3 Sebastian Krahmer 2003-09-05 20:28:29 UTC
Created attachment 13873
putonftp file
Comment 4 Sebastian Krahmer 2003-09-05 20:33:55 UTC
Created attachment 13874
patchinfo file

I hope the DISTRIBUTION line is correct since I don't know
which maintained products are affected.
Comment 5 Roman Drahtmueller 2003-09-05 23:09:17 UTC
ack. packages from 7.2 through 8.2 including SLES are filed.
STABLE has seen a version upgrade (Heiko, see the changelog of the package).

patchinfo turned in.

Roman.
Comment 6 Thomas Biege 2003-09-10 20:21:07 UTC
packages approved 
Comment 7 Thomas Biege 2009-10-13 19:38:50 UTC
CVE-2003-0721: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)