CVE-2002-1903

Description

Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.

Affected products

• university_of_washington / pine4.21 – 4.21
• university_of_washington / pine4.30 – 4.30
• university_of_washington / pine4.33 – 4.33
• university_of_washington / pine4.44 – 4.44

References

• MISChttp://www.iss.net/security_center/static/9297.php
• MISChttp://online.securityfocus.com/archive/1/276029
• MISChttp://www.securityfocus.com/bid/4963