Pine Environment Variable URL Shell Interpreting Vulnerability

Bugtraq ID: 3815
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Jan 05 2002 12:00AM
Updated: Jan 05 2002 12:00AM
Credit: This vulnerability was originally discovered by Jim Hebert <jhebert@jhebert.cx> on November 18, 1999, and was rediscovered by zen-parse <zen-parse@gmx.net> October 20, 2001. It was reannounced to Bugtraq on January 5, 2002.
Vulnerable: University of Washington Pine 4.33
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
+ HP Secure OS software for Linux 1.0
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1 alpha
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
University of Washington Pine 4.30
University of Washington Pine 4.21
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0 alpha
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2 alpha
+ Slackware Linux 7.1
+ Slackware Linux 7.0
University of Washington Pine 4.20
+ Turbolinux Turbolinux Workstation 6.0
Not Vulnerable: University of Washington Pine 4.44
+ EnGarde Secure Linux 1.0.1
+ Redhat Enterprise Linux AS 2.1 IA64
+ Redhat Enterprise Linux AS 2.1
+ Redhat Enterprise Linux ES 2.1 IA64
+ Redhat Enterprise Linux ES 2.1
+ Redhat Enterprise Linux WS 2.1 IA64
+ Redhat Enterprise Linux WS 2.1
+ Redhat Linux Advanced Work Station 2.1
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ XTR
+ Sun Linux 5.0.7
+ Sun Linux 5.0


 

Privacy Statement
Copyright 2010, SecurityFocus