Note: This is an archival copy of Security Sun Alert 200815 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000614.1.

Category: Security
Release Phase: Resolved

Sun Cobalt Qube 3 Server
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server

Bug Id: 4776218
Date of Resolved Release: 04-AUG-2003

Impact

A remote unprivileged user can create an email to exploit a buffer overflow vulnerability in Pine 4.44 that may cause a Denial of Service (DoS). This issue is described at:

Contributing Factors

This issue can occur in the following releases:

Sun Linux
Sun Cobalt Appliances

In Pine 4.44 and earlier, Pine does not allocate enough memory for parsing and escaping the "From:" email header. A remote unprivileged user may carefully craft an email that will cause a buffer overflow on the heap in Pine, which may result in a Denial of Service (DoS).

Note: Pine is a tool for reading, sending, and managing electronic messages.

Symptoms

An example of this issue would be an email message with a "From:" header that contains a large number of quotation marks ("), as in the following example:

From: "\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\""@host.fubar
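
The advisory attributes the overflow to an undersized allocation when the "From:" header is escaped. The following is an added illustration of how a quoting routine can size its buffer for the worst case and check every write; it is not Pine's code and not part of the original alert. The function names quoted_size and quote_phrase are hypothetical, and the escaping rule (a backslash before each quotation mark or backslash) is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed to emit s as a quoted-string: each '"' or '\\' gains a
 * backslash, plus two enclosing quotes and the NUL. 0 means overflow. */
size_t quoted_size(const char *s) {
    size_t n = 3;
    for (; *s; s++) {
        size_t add = (*s == '"' || *s == '\\') ? 2 : 1;
        if (n > SIZE_MAX - add)
            return 0;
        n += add;
    }
    return n;
}

/* Escape s into a new heap buffer (caller frees). Each write is checked
 * against the allocation, so a sizing mistake returns NULL, not an overrun. */
char *quote_phrase(const char *s) {
    size_t cap = quoted_size(s), i = 0;
    char *out = cap ? malloc(cap) : NULL;
    if (out == NULL)
        return NULL;
    out[i++] = '"';
    for (; *s; s++) {
        size_t need = (*s == '"' || *s == '\\') ? 2 : 1;
        if (i + need + 2 > cap) {   /* keep room for closing quote and NUL */
            free(out);
            return NULL;
        }
        if (need == 2)
            out[i++] = '\\';
        out[i++] = *s;
    }
    out[i++] = '"';
    out[i] = '\0';
    return out;
}

int main(void) {
    const char *name = "\"\"\"\"\"\"\"\"";   /* constructed: 8 quotation marks */
    char *q = quote_phrase(name);
    if (q == NULL) return 1;
    printf("input %zu bytes, quoted %zu bytes\n", strlen(name), strlen(q));
    free(q);
    return 0;
}
```

An input made only of quotation marks more than doubles in length once escaped, which is why a buffer sized from the input length alone is too small for this kind of header.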

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

Sun Linux
Sun Cobalt Appliances