"c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors." (from CVE) It appears Pine < 4.55 is affected, i.e. 7.3, maybe 9. FC unlikely. This patch was used to fix Pine in RHEL 2.1: --snip-- Patch to correct CAN-2003-0297 which could allow a remote malicious IMAP server to crash Pine by sending a large literal which causes an integer overflow. Patch taken from fix in imap-2002c --- pine4.44/imap/src/c-client/imap4r1.c.orig Fri Dec 3 05:42:27 2004 +++ pine4.44/imap/src/c-client/imap4r1.c Fri Dec 3 05:44:03 2004 @@ -3896,7 +3896,12 @@ case '{': /* if literal string */ /* get size of string */ - i = strtoul (*txtptr,txtptr,10); + if ((i = strtoul (*txtptr,txtptr,10)) > 0x7fffffff) { + sprintf (LOCAL->tmp,"Absurd server literal length %lu",i); + mm_log (LOCAL->tmp,WARN); + if (len) *len = i; + break; + } if (len) *len = i; /* set return value */ if (md && mg) { /* have special routine to slurp string? */ if (md->first) { /* partial fetch? */ --snip--
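Review bot: In the rejection branch, `if (len) *len = i;` still hands the absurd length back to the caller before the `break`, so any caller that trusts `*len` receives the very value the check just refused. Setting `*len = 0` there (or leaving it untouched) would make the failure unambiguous. The bare `0x7fffffff` would also read better as a named limit, and since the hunk does not show the declaration of `i`, it is worth confirming that it is an `unsigned long`, matching both the `strtoul` return and the `%lu` in the warning.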
Thanks, Pavel. I believe this does affect RHL 7.3 and RHL 9. It won't affect the Fedoras because they do not include Pine. Marking bug to be worked on.
Here are updated packages to QA:
88be7e815d07cb61f0eaf45be0ff984d588eda71 7.3/pine-4.44-19.73.1.legacy.i386.rpm
06c2e191e2aac8adf43d3afe746fb957ef58bcac 7.3/pine-4.44-19.73.1.legacy.src.rpm
cd7ad2746c58cc4254a4032eb50114ac4662ae0c 9/pine-4.44-19.90.1.legacy.i386.rpm
f0f7c7be4749a6f67c3dbdd70e9a59dbe31af4ae 9/pine-4.44-19.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/pine-4.44-19.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/pine-4.44-19.90.1.legacy.src.rpm
QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- patch verified to come from upstream
+PUBLISH RHL73, RHL9
06c2e191e2aac8adf43d3afe746fb957ef58bcac pine-4.44-19.73.1.legacy.src.rpm
f0f7c7be4749a6f67c3dbdd70e9a59dbe31af4ae pine-4.44-19.90.1.legacy.src.rpm
Packages were pushed to updates-testing.
QA for RHL9. Signature OK, upgrades OK. Rpm-build-compare.sh on the binaries also looks OK. Basic testing OK.
+VERIFY RHL9
043112c55f52e5454ab01e52f7a50968016ac6a1 pine-4.44-19.90.1.legacy.i386.rpm
Installs OK. Runs OK, although I do most of my PINE serious work from an FC4 system over imap, so cannot claim to have exhaustively tested it.
+VERIFY RH9
Timeout shortened to 1 week and thus over.
Packages were released to updates.
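The literal-length problem described in the first comment, as an added example that is not c-client's code and not part of the original thread: it contrasts a server-supplied `{count}` stored in a signed int with a checked parse. The function names and the `MAX_LITERAL` cap are hypothetical, and the sample inputs are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for this sketch (64 MiB); the patch above uses 0x7fffffff. */
#define MAX_LITERAL (64UL * 1024 * 1024)

/* Unchecked pattern: the server-supplied count lands in a signed int.
 * The out-of-range conversion is implementation-defined; on common
 * compilers a count of 2^31 or more comes out negative. */
static int literal_len_unchecked(const char *s)
{
    return (int) strtoul(s + 1, NULL, 10);
}

/* Checked parse of "{<digits>}". Returns 0 and stores the size,
 * or -1 for a malformed, overflowing or oversized count. */
static int parse_literal_len(const char *s, size_t *out)
{
    char *end;
    unsigned long n;

    /* strtoul() accepts leading blanks and a sign, so require a digit first. */
    if (s[0] != '{' || s[1] < '0' || s[1] > '9')
        return -1;
    errno = 0;
    n = strtoul(s + 1, &end, 10);
    if (errno == ERANGE || *end != '}' || n > MAX_LITERAL)
        return -1;
    *out = (size_t) n;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "{1024}", "{4294967295}", "{-1}", "{12" };
    size_t i, n;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_literal_len(samples[i], &n) == 0)
            printf("%-14s accepted, %lu bytes\n", samples[i], (unsigned long) n);
        else
            printf("%-14s rejected (unchecked int: %d)\n", samples[i],
                   literal_len_unchecked(samples[i]));
    }
    return 0;
}
```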