4513639 1999-11-22 23:33 /94 rader/ Postmaster Mottagare: Bugtraq (import) <8624> Ärende: Caldera Pine Advisory ------------------------------------------------------------ Approved-By: aleph1@SECURITYFOCUS.COM Delivered-To: bugtraq@lists.securityfocus.com Delivered-To: bugtraq@securityfocus.com MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Message-ID: <Pine.GSO.4.10.9911220905570.11718-100000@www.securityfocus.com> Date: Mon, 22 Nov 1999 09:06:22 -0800 Reply-To: Alfred Huger <ah@SECURITYFOCUS.COM> Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM> From: Alfred Huger <ah@SECURITYFOCUS.COM> X-To: bugtraq@securityfocus.com To: BUGTRAQ@SECURITYFOCUS.COM -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: remote attack on pine users Advisory number: CSSA-1999-036.0 Issue date: 1999 November, 19 Cross reference: ______________________________________________________________________________ 1. Problem Description Versions of pine prior to 4.21 had a security problem when viewing URLs. By sending an email with a specially formatted URL embedded in it, an attacker could cause arbitrary shell code to be executed under the account of the victim user. 2. Vulnerable Versions Systems : up to COL 2.3 Packages: up to pine-4.10-1 3. Solutions Workaround: not known The proper solution is to upgrade to the latest packages rpm -U pine-4.21-1.i386.rpm 4. Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS 5. Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -U pine-4.21-1.i386.rpm 6. Verification 93b2cb3b558735b075392cd639e4edda RPMS/pine-4.21-1.i386.rpm 7f87c9f295c82f65b9412a4c311986c5 SRPMS/pine-4.21-1.src.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix closes Caldera's internal Problem Report 5258 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iQCVAwUBODVSGen+9R4958LpAQGvjgQAnoDjYlthZ+L0vIeIztvUElydo1GKJb4V i7jSXKnl5bWKUNhhYqSmPKYRYcJ9KolXXFYqEeC+GcSLfW5VGoxXEZ8B82AynXh0 0gIw/pLq6pTguifpORzIMWRn81BawtJd8JH6xvV8cRnopAm0zQy7y2iXw3gX2xRa l7Wz/qxKshc= =jty2 -----END PGP SIGNATURE----- (4513639) -----------------------------------