Note: This is an archival copy of Security Sun Alert 200815 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000614.1.
Article ID : 1000614.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-07-10
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux 5.0 Buffer Overflow Vulnerability In "Pine" May Allow Remote Unprivileged Users to Cause a Denial of Service


Release Phase

Sun Cobalt Qube 3 Server
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server

Bug Id

Date of Resolved Release


A remote unprivileged user can create an email to exploit a buffer overflow vulnerability in Pine 4.44 that may cause a Denial of Service (DoS).

This issue is described at:

Contributing Factors

This issue can occur in the following releases:

Sun Linux

  • Sun Linux 5.0 with Pine 4.44 and earlier

Sun Cobalt Appliances

  • Sun Cobalt Qube 3 with Pine 4.44 and earlier
  • Sun Cobalt RaQ 4 with Pine 4.44 and earlier
  • Sun Cobalt RaQ 550 with Pine 4.44 and earlier
  • Sun Cobalt RaQ XTR with Pine 4.44 and earlier

In Pine 4.44 and earlier, Pine does not allocate enough memory when parsing and escaping the "From:" email header. A remote unprivileged user may craft an email that causes a heap buffer overflow in Pine, which may result in a Denial of Service (DoS).

Note: Pine is a tool for reading, sending, and managing electronic messages.


An example of this issue is an email message whose "From:" header contains a large number of quotation marks ("), such as:

    From: "\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\""@host.fubar
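
The sizing problem behind this class of bug, as an added illustration that is not Pine's source code or part of the original advisory: every quotation mark or backslash doubles in size when escaped, so the output buffer must be sized from a count of those characters rather than from the input length. The function names, the `naive_size` estimate and the 28-quote sample are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical under-sized estimate: input length plus quotes and NUL only. */
size_t naive_size(const char *s) { return strlen(s) + 3; }

/* Exact bytes for the escaped, quoted form plus NUL; 0 on size_t overflow. */
size_t quoted_size(const char *s)
{
    size_t n = 3; /* opening quote, closing quote, NUL */
    for (; *s; s++) {
        size_t add = (*s == '"' || *s == '\\') ? 2 : 1;
        if (n > SIZE_MAX - add) return 0;
        n += add;
    }
    return n;
}

/* Escape s into a correctly sized heap buffer; caller frees. NULL on failure. */
char *quote_display_name(const char *s)
{
    size_t need = quoted_size(s);
    char *out, *p;
    if (need == 0 || (out = malloc(need)) == NULL)
        return NULL;
    p = out;
    *p++ = '"';
    for (; *s; s++) {
        if (*s == '"' || *s == '\\')
            *p++ = '\\'; /* each escaped byte costs one extra byte */
        *p++ = *s;
    }
    *p++ = '"';
    *p = '\0';
    return out;
}

int main(void)
{
    char name[29] = {0};     /* constructed sample: 28 quotation marks */
    memset(name, '"', 28);
    char *q = quote_display_name(name);
    if (!q) return 1;
    printf("naive=%zu exact=%zu written=%zu\n",
           naive_size(name), quoted_size(name), strlen(q) + 1);
    free(q);
    return 0;
}
```
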


There is no workaround. Please see the "Resolution" section below.


This issue is addressed in the following releases:

Sun Linux

Sun Cobalt Appliances

Modification History
