COMMAND

    Pine

SYSTEMS AFFECTED

    Pine 4.21 and prior

PROBLEM

    The following is based on FreeBSD Security Advisory
    FreeBSD-SA-00:59.  The pine4 port, versions 4.21 and before,
    contains a buffer overflow vulnerability which allows a remote
    user to execute arbitrary code on the local client by sending a
    specially crafted email message.  The overflow occurs during the
    periodic "new mail" checking of an open folder.

    By sending a malformed email, remote users can cause pine4 to
    crash when a mail folder is closed.  If you have not chosen to
    install the pine4 port/package, then your system is not
    vulnerable to this problem.

SOLUTION

    For FreeBSD:

        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-4.21_1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.21_1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/pine-4.21_1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.21_1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/pine-4.21_1.tgz

    For Linux-Mandrake:

         Linux-Mandrake 6.0: 6.0/RPMS/pine-4.30-3.3mdk.i586.rpm
                             6.0/SRPMS/pine-4.30-3.3mdk.src.rpm
         Linux-Mandrake 6.1: 6.1/RPMS/pine-4.30-3.3mdk.i586.rpm
                             6.1/SRPMS/pine-4.30-3.3mdk.src.rpm
         Linux-Mandrake 7.0: 7.0/RPMS/pine-4.30-3.3mdk.i586.rpm
                             7.0/SRPMS/pine-4.30-3.3mdk.src.rpm
         Linux-Mandrake 7.1: 7.1/RPMS/pine-4.30-3.2mdk.i586.rpm
                             7.1/SRPMS/pine-4.30-3.2mdk.src.rpm
         Linux-Mandrake 7.2: 7.2/RPMS/pine-4.30-3.1mdk.i586.rpm
                             7.2/SRPMS/pine-4.30-3.1mdk.src.rpm

    Of course, there is Pine 4.30 as well...