CyberSec.Space Logo
Back to CVE Browser

CVE-2000-0909

HIGH
7.5
CVSS Severity Score
EPSS Score0.0650%
EPSS Percentile21.40th
PublishedDec 19, 2000
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

Affected Platforms (CPE)

πŸ“¦
University Of Washington

Pine

= 4.0.4
πŸ“¦
University Of Washington

Pine

= 4.10
πŸ“¦
University Of Washington

Pine

= 4.21

References & Advisories

πŸ”— ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
πŸ”— http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
πŸ”— http://www.redhat.com/support/errata/RHSA-2000-102.html
πŸ”— http://www.securityfocus.com/archive/1/84901
πŸ”— http://www.securityfocus.com/bid/1709
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/5283
πŸ”— ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc

Related Vulnerabilities

CVE-2000-035310.0

Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded...

CVE-2000-035210.0

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitra...

CVE-2002-23257.8

The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows r...

CVE-2000-08477.5

Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute ...