漏洞信息详情
URLS的Pine环境变量扩展漏洞。
- CNNVD编号:CNNVD-199911-060
- 危害等级: 超危
- CVE编号: CVE-2000-0352
- 漏洞类型: 访问验证错误
- 发布时间: 1999-11-18
- 威胁类型: 远程
- 更新时间: 2005-05-02
- 厂 商: university_of_washington
- 漏洞来源: on Nov 18, 1999.');">First posted to Bu...
漏洞简介
Pine 4.21之前版本不能正确过滤URLs中的shell元字符,远程攻击者通过有畸形的URL可以执行任意指令。
漏洞公告
Caldera Linux: Obtain the rpm from: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/ To install the rpm. rpm -U pine-4.21-1.i386.rpm the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
参考网址
来源: BUGTRAQ 名称: 19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21) 链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com 来源: BID 名称: 810 链接:http://www.securityfocus.com/bid/810 来源: SUSE 名称: 19991227 Security hole in Pine < 4.21="" 链接:http://www.novell.com/linux/security/advisories/suse_security_announce_36.HTML="" 来源:="" caldera="" 名称:="" CSSa-1999-036.0="" 链接:ftp://ftp.calderasystems.com/pub/openlinux/security/CSSa-1999-036.0.txt="">
受影响实体
- University_of_washington Pine:4.20
- University_of_washington Pine:4.21
补丁
暂无
评论