-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.25: Buffer overflows in pine MIME handling

Topic: Buffer overflows in pine MIME handling.
Advisory issue date: August 7 1998


I. Problem Description

	A security problem with the mail user agent `pine' was
	discovered by Pavel Kankovsky on July 31, 1998, concerning two
	buffer overflows. The buffer overflow can be triggered
	remotely by sending a specially formatted MIME message to the
	victim user.

	One of the bugs is triggered the moment the user views a file;
	the second is triggered the moment s/he attempts to save an
	attachment.


II. Impact

Description:

	An attacker can execute commands under the account of the
	victim user.

Vulnerable Systems:

	OpenLinux 1.0, 1.1, & 1.2 systems using pine packages prior to
	pine-4.02-2. 


III. Solution

Workaround:

	Remove the pine package.

Correction:

        The proper solution is to upgrade to the pine-4.02-2 packages. 
	
        They can be found on Caldera's FTP site at:
	ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/011/RPMS

        The corresponding source code can be found at:
	ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/011/SRPMS

	The MD5 checksums (from the "md5sum" command) for these
	packages are:

	da54cf6b2a53e266590bec32eaf13f49  RPMS/pine-4.02-2.i386.rpm
	5095119cded390f739aec4344662d25a  SRPMS/pine-4.02-2.src.rpm

        Upgrade with the following commands:

	rpm -q pine && rpm -U RPMS/pine-4.02-2.i386.rpm


IV. References

        This and other Caldera security resources are located at:
	http://www.caldera.com/news/security/index.html

        Additional documentation on this problem can be found in the
	message:
	---
	Date: Fri, 31 Jul 1998 11:32:06 +0200 (MET DST)
	From: Pavel Kankovsky <peak@kerberos.troja.mff.cuni.cz>
	To: Olaf Kirch <okir@monad.swb.de>
	Cc: vendor-sec@lst.de
	Subject: Re: [vendor-sec] Pine 4.0 MIME parsing issues
	Message-ID: <19980731112155.1011.0@kerberos.troja.mff.cuni.cz>
	---

        This security fix closes Caldera's internal Problem Report
	4075.


V. PGP Signature

	This message was signed with the PGP key for security@caldera.com.

	This key can be obtained from:
		ftp://ftp.caldera.com/pub/pgp-keys/

	Or on an OpenLinux CDROM under:
		/OpenLinux/pgp-keys/

	$Id: SA-1998.25.txt,v 1.3 1998/08/07 14:12:03 rf Exp $


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNcsLM+n+9R4958LpAQFCNwP+IoJfm3EGZ2QjoGti2ufVbgBZCX67FM1q
QGoYZhnoZmnE9BTJsMEmZy9RU6i8UbE/aQNc7DzJkPj/NbJotOKP8CiWvJaaDcHm
gJVUrh5EQ0Z1mcpo9VOBYqVNmjMzy9JOrlvYrsfstx+9QsWrEY/uZGxPMNo2n1fX
TMpO3Ll1AKI=
=iiHW
-----END PGP SIGNATURE-----