CVE-2002-2325 – Pine 4.x - Empty MIME Boundary Denial of Service
https://notcve.org/view.php?id=CVE-2002-2325
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. • https://www.exploit-db.com/exploits/21644 http://online.securityfocus.com/archive/1/284086 http://www.iss.net/security_center/static/9668.php http://www.securityfocus.com/bid/5301 • CWE-20: Improper Input Validation •
CVE-2002-1782
https://notcve.org/view.php?id=CVE-2002-1782
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user. • http://online.securityfocus.com/archive/1/275127 http://www.security.nnov.ru/advisories/courier.asp http://www.securityfocus.com/bid/4909 http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 https://exchange.xforce.ibmcloud.com/vulnerabilities/9238 •
CVE-2002-1320 – Pine 4.x - 'From:' Heap Corruption
https://notcve.org/view.php?id=CVE-2002-1320
Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). Pine 4.44 y anteriores permite a atacantes remotos causar una denegación de servicio (volcado del núcleo y fallo al reiniciar) mediante un mensaje de correo electrónico con una cabecera From que contiene un número largo de comillas ("). • https://www.exploit-db.com/exploits/21985 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551 http://marc.info/?l=bugtraq&m=103668430620531&w=2 http://marc.info/?l=bugtraq&m=103884988306241&w=2 http://www.iss.net/security_center/static/10555.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html http://www.novell.com/linux/security/advisories/2002_046_pine.html http://www •
CVE-2002-0014
https://notcve.org/view.php?id=CVE-2002-0014
URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000460 http://marc.info/?l=bugtraq&m=101027841605918&w=2 http://rhn.redhat.com/errata/RHSA-2002-009.html http://www.securityfocus.com/bid/3815 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-015 •
CVE-2002-0379 – WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0379
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request. • https://www.exploit-db.com/exploits/21442 https://www.exploit-db.com/exploits/21443 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487 http://marc.info/?l=bugtraq&m=102107222100529&w=2 http://online.securityfocus.com/advisories/4167 http://www.iss.net/security_center/static/9055.php http://www.kb.cert.org/vuls/id/961489 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php •