Vulnerability: PINE e-mail client

An iDefence security advisory has warned the popular Linux and Unix e-mail client PINE (The Program for Internet News & Email) contains two exploitable vulnerabilities that can be triggered when a victim opens a specially crafted email sent by an attacker.

The first is a buffer overflow within the parsing of the message/external-body type attribute name/value pairs which could for arbitrary code execution.

Secondly, an exploitable integer overflow exists in the parsing of e-mail headers, allowing for arbitrary code execution upon the opening of a malicious e-mail.

More information is available at: http://www.idefense.com/advisory/09.10.03.txt

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about iDefense

Show Comments