Pine Environment Variable URL Shell Interpreting Vulnerability

Bugtraq ID: 3815
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Jan 05 2002 12:00AM
Updated: Jan 05 2002 12:00AM
Credit: This vulnerability was originally discovered by Jim Hebert <jhebert@jhebert.cx> on November 18, 1999, and was rediscovered by zen-parse <zen-parse@gmx.net> October 20, 2001. It was reannounced to Bugtraq on January 5, 2002.
Vulnerable: University of Washington Pine 4.33
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
University of Washington Pine 4.30
University of Washington Pine 4.21
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ Slackware Linux 7.1
+ Slackware Linux 7.0
University of Washington Pine 4.20
+ Turbolinux Turbolinux Workstation 6.0
Not Vulnerable: University of Washington Pine 4.44
+ EnGarde Secure Linux 1.0.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ XTR
+ Sun Linux 5.0.7
+ Sun Linux 5.0


 

Privacy Statement
Copyright 2010, SecurityFocus