Vulnerability Details CVE-2000-0353
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 88.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://www.novell.com/linux/security/advisories/pine_update_announcement.html
- http://www.novell.com/linux/security/advisories/suse_security_announce_6.html
- http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
- http://www.securityfocus.com/bid/1247
- http://www.novell.com/linux/security/advisories/pine_update_announcement.html
- http://www.novell.com/linux/security/advisories/suse_security_announce_6.html
- http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
- http://www.securityfocus.com/bid/1247
Products affected by CVE-2000-0353
-
cpe:2.3:a:university_of_washington:pine:3.98
-
cpe:2.3:a:university_of_washington:pine:4.0
-
cpe:2.3:a:university_of_washington:pine:4.10
-
cpe:2.3:a:university_of_washington:pine:4.2