CyberSec.Space Logo
Back to CVE Browser

CVE-2000-0353

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0220%
EPSS Percentile32.52th
PublishedJun 28, 1999
Last ModifiedApr 16, 2026

Vulnerability Description

Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.

Affected Platforms (CPE)

πŸ“¦
University Of Washington

Pine

= 3.98
πŸ“¦
University Of Washington

Pine

= 4.0
πŸ“¦
University Of Washington

Pine

= 4.2
πŸ“¦
University Of Washington

Pine

= 4.10

References & Advisories

πŸ”— http://www.novell.com/linux/security/advisories/pine_update_announcement.html
πŸ”— http://www.novell.com/linux/security/advisories/suse_security_announce_6.html
πŸ”— http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
πŸ”— http://www.securityfocus.com/bid/1247
πŸ”— http://www.novell.com/linux/security/advisories/pine_update_announcement.html
πŸ”— http://www.novell.com/linux/security/advisories/suse_security_announce_6.html
πŸ”— http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
πŸ”— http://www.securityfocus.com/bid/1247

Related Vulnerabilities

CVE-2000-035210.0

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitra...

CVE-2002-23257.8

The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows r...

CVE-2000-08477.5

Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute ...

CVE-2000-09097.5

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary com...