Vulnerability: PINE e-mail client

An iDefence security advisory has warned the popular Linux and Unix e-mail client PINE (The Program for Internet News & Email) contains two exploitable vulnerabilities that can be triggered when a victim opens a specially crafted email sent by an attacker.

The first is a buffer overflow within the parsing of the message/external-body type attribute name/value pairs which could for arbitrary code execution.

Secondly, an exploitable integer overflow exists in the parsing of e-mail headers, allowing for arbitrary code execution upon the opening of a malicious e-mail.

More information is available at:

Join the newsletter!

Error: Please check your email address.

More about iDefense

Show Comments