Detections
Analytics

RHEL 2.1 : pan (RHSA-2003:312)

high Nessus Plugin ID 12429

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated Pan packages that close a denial of service vulnerability are now available.

Pan is a Gnome/GTK+ newsreader.

A bug in Pan versions prior to 0.13.4 can cause Pan to crash when parsing an article header containing a very long author email address.
This bug causes a denial of service (crash), but cannot be exploited further. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0855 to this issue.

Users of Pan are advised to upgrade to these erratum packages, which contain a backported patch correcting this issue.

Red Hat would like to thank Kasper Dupont for alerting us to this issue and to Charles Kerr for providing the patch.

Solution

Update the affected pan package.

See Also

https://access.redhat.com/security/cve/cve-2003-0855

https://bugzilla.gnome.org/show_bug.cgi?id=107025

https://access.redhat.com/errata/RHSA-2003:312

Plugin Details

Severity: High

ID: 12429

File Name: redhat-RHSA-2003-312.nasl

Version: 1.27

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:2.1, p-cpe:/a:redhat:enterprise_linux:pan

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 12/10/2003

Vulnerability Publication Date: 11/3/2003

Reference Information

CVE: CVE-2003-0855

RHSA: 2003:312