CVE-2000-0909 - Vulnerability Details - OpenCVE

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
University Of Washington	Pine

Configuration 1 [-]

OR	cpe:2.3:a:university_of_washington:pine:4.0.4:::::::*
	cpe:2.3:a:university_of_washington:pine:4.10:::::::*
	cpe:2.3:a:university_of_washington:pine:4.21:::::::*

No data.

References

Link	Providers
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
http://www.redhat.com/support/errata/RHSA-2000-102.html
http://www.securityfocus.com/archive/1/84901
http://www.securityfocus.com/bid/1709
https://exchange.xforce.ibmcloud.com/vulnerabilities/5283
https://nvd.nist.gov/vuln/detail/CVE-2000-0909
https://www.cve.org/CVERecord?id=CVE-2000-0909

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2001-01-22T05:00:00

Updated: 2024-08-08T05:37:31.349Z

Reserved: 2000-11-24T00:00:00

Link: CVE-2000-0909

Vulnrichment

No data.

NVD

Status : Modified

Published: 2000-12-19T05:00:00.000

Modified: 2024-11-20T23:33:33.373

Link: CVE-2000-0909

Redhat

Severity :

Publid Date: 2000-09-22T00:00:00Z

Links: CVE-2000-0909 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2000-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-09-02T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FreeBSD-SA-00:59", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc"}, {"name": "RHSA-2000:102", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2000-102.html"}, {"name": "20001031 FW: Pine 4.30 now available", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html"}, {"name": "1709", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/1709"}, {"name": "20000922 [ no subject ]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/84901"}, {"name": "MDKSA-2000:073", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3"}, {"name": "pine-check-mail-bo(5283)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5283"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0909", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FreeBSD-SA-00:59", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc"}, {"name": "RHSA-2000:102", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2000-102.html"}, {"name": "20001031 FW: Pine 4.30 now available", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html"}, {"name": "1709", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1709"}, {"name": "20000922 [ no subject ]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/84901"}, {"name": "MDKSA-2000:073", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3"}, {"name": "pine-check-mail-bo(5283)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5283"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T05:37:31.349Z"}, "title": "CVE Program Container", "references": [{"name": "FreeBSD-SA-00:59", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc"}, {"name": "RHSA-2000:102", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2000-102.html"}, {"name": "20001031 FW: Pine 4.30 now available", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html"}, {"name": "1709", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/1709"}, {"name": "20000922 [ no subject ]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/84901"}, {"name": "MDKSA-2000:073", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3"}, {"name": "pine-check-mail-bo(5283)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5283"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0909", "datePublished": "2001-01-22T05:00:00", "dateReserved": "2000-11-24T00:00:00", "dateUpdated": "2024-08-08T05:37:31.349Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:university_of_washington:pine:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D405F684-38E2-4AC4-8451-F4842E67C509", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:pine:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "358A71B0-79F2-4728-AC1E-5872BC64B2C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:pine:4.21:*:*:*:*:*:*:*", "matchCriteriaId": "AA9E599F-D922-42B7-9FB5-FB025B095895", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header."}], "id": "CVE-2000-0909", "lastModified": "2024-11-20T23:33:33.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2000-12-19T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html"}, {"source": "cve@mitre.org", "url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2000-102.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/84901"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/1709"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2000-102.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/84901"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/1709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5283"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}