Pine is a freely available, open source email client. It is distributed and maintained by Washington University. A problem has been discovered in Pine that could make it possible to execute arbitrary commands. The problem is in the handling of URLs with encapsulated environment variables. An email sent to a user with an encoded environment variable and command in the URL could be used to execute the encoded command with the privileges of the user receiving the mail. This could allow any number of commands to be run as the user receiving the mail. This vulnerability is only present in email clients that have had a URL handler configured.
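A defensive version of the handoff from a mail client to a configured URL handler, added here as an example (it is not Pine's code or its fix). The function names, the scheme list and the length limit are assumptions. The URL is checked against a character allowlist and the handler is run without a shell, so environment-variable syntax in a mail-supplied URL is never expanded.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if url starts with an allowed scheme and contains only
 * alphanumerics plus the punctuation in `extra`. That rejects '$',
 * backquote, quotes, ';', '|', braces, parentheses, '<', '>', backslash,
 * whitespace and control characters. Returns 0 otherwise. */
int url_is_safe(const char *url)
{
    static const char *schemes[] = { "http://", "https://", "ftp://" };
    static const char extra[] = "-._~:/?#@+,=%&";
    size_t i;
    int scheme_ok = 0;

    if (url == NULL || strlen(url) > 2048)   /* 2048: assumed length limit */
        return 0;
    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++)
        if (strncmp(url, schemes[i], strlen(schemes[i])) == 0)
            scheme_ok = 1;
    if (!scheme_ok)
        return 0;
    for (; *url; url++)
        if (!isalnum((unsigned char)*url) && strchr(extra, *url) == NULL)
            return 0;
    return 1;
}

/* Runs the handler with the URL as one argv element. No shell is started,
 * so nothing in the URL is interpreted. The scheme check also guarantees
 * the argument cannot begin with '-'. Returns the handler's exit status,
 * or -1 if the URL is rejected or the handler could not be run. */
int open_url(const char *handler, const char *url)
{
    pid_t pid;
    int status;

    if (!url_is_safe(url))
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execlp(handler, handler, url, (char *)NULL);
        _exit(127);                          /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```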