Signature Detail

SMTP: Remote Pine Exploit

This signature detects attempts to exploit a known vulnerability against the MIME-handling code in Pine, an e-mail program. Pine 4.56 and earlier are vulnerable. Attackers can send an e-mail containing an invalid "Charset=" header to cause a buffer overflow, enabling the attackers to execute commands at the target privilege level.

Extended Description

A vulnerability has been reported to be present in the software that may allow a remote attacker to cause an integer overflow condition in order to execute arbitrary code on a vulnerable system. The problem is reported to exist in the rfc2231_get_param() function found in the strings.c file. Successful exploitation of this issue may allow a remote attacker to execute arbitrary code on a remote system in order to gain unautorized access.

Affected Products

• SGI ProPack 2.2.1
• SGI ProPack 2.3.0
• University of Washington Pine 3.98.0
• University of Washington Pine 4.0.2
• University of Washington Pine 4.0.4
• University of Washington Pine 4.10.0
• University of Washington Pine 4.20.0
• University of Washington Pine 4.21.0
• University of Washington Pine 4.30.0
• University of Washington Pine 4.33.0
• University of Washington Pine 4.44.0
• University of Washington Pine 4.50.0
• University of Washington Pine 4.52.0
• University of Washington Pine 4.53.0
• University of Washington Pine 4.56.0

References

• BugTraq: 8589
• CVE: CVE-2003-0721