Sender: williamlong()
Compiled by: williamlong (2002-12-01 16:43:47), in-site mail
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: remote attack on pine users
Advisory number: CSSA-1999-036.0
Issue date: 1999 November, 19
Cross reference:
______________________________________________________________________________
1. Problem Description
Versions of pine prior to 4.21 had a security problem when viewing
URLs. By sending an email with a specially formatted URL embedded
in it, an attacker could cause arbitrary shell code to be executed
under the account of the victim user.
2. Vulnerable Versions
Systems : up to COL 2.3
Packages: up to pine-4.10-1
3. Solutions
Workaround: not known
The proper solution is to upgrade to the latest packages
rpm -U pine-4.21-1.i386.rpm
4. Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS
5. Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -U pine-4.21-1.i386.rpm
6. Verification
93b2cb3b558735b075392cd639e4edda RPMS/pine-4.21-1.i386.rpm
7f87c9f295c82f65b9412a4c311986c5 SRPMS/pine-4.21-1.src.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 5258
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-- ☆ Blue Moonlight ☆ [email protected]
※ Source: Moonlight Software Station http://www.moon-soft.com. [FROM: bbs.huizhou.gd.]
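
Added example (not part of the Caldera advisory or the original post): a shell check that compares downloaded packages against the MD5 sums listed in section 6 before running the rpm -U command from section 5. The function names verify_manifest and advisory_manifest, the one-entry-per-line manifest layout, and the use of md5sum from GNU coreutils are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify packages against the section 6 checksums before install.
# verify_manifest and advisory_manifest are hypothetical helper names.

# Print the two "<md5> <relative path>" entries exactly as listed in section 6.
advisory_manifest() {
    cat <<'EOF'
93b2cb3b558735b075392cd639e4edda RPMS/pine-4.21-1.i386.rpm
7f87c9f295c82f65b9412a4c311986c5 SRPMS/pine-4.21-1.src.rpm
EOF
}

# verify_manifest MANIFEST BASEDIR
# Returns 0 only if every listed file exists under BASEDIR and its MD5 matches.
verify_manifest() {
    manifest=$1
    basedir=$2
    status=0
    # "|| [ -n "$want" ]" keeps a final line that lacks a trailing newline.
    while read -r want path || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac   # skip blanks and comments
        file=$basedir/$path
        if [ ! -f "$file" ]; then
            echo "MISSING  $path" >&2
            status=1
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $got)" >&2
            status=1
        fi
    done < "$manifest"
    return $status
}

# Run as: sh verify.sh /path/to/download  (directory holding RPMS/ and SRPMS/)
if [ "$#" -eq 1 ] && [ -d "$1" ]; then
    tmp=$(mktemp) || exit 1
    advisory_manifest > "$tmp"
    verify_manifest "$tmp" "$1" && rc=0 || rc=$?
    rm -f "$tmp"
    exit "$rc"
fi
```

A non-zero exit status means at least one package is missing or does not match the advisory, and the upgrade should not be run on those files.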