Overview
The Internet Software Consortium's (ISC) InterNetNews (INN) is a Usenet application. A vulnerability in INN may permit a remote attacker to compromise the system.
Description
Version 2.4.0 of ISC's InterNetNews package contains a Network News Transfer Protocol (NNTP) server that contains a buffer overflow condition. Versions 2.3.x and prior are not vulnerable to this issue. The vulnerability is in the code that processes control messages, specifically the ARTpost() function. |
Impact
Exploitation of this vulnerability could permit a remote attacker to execute arbitrary code on the vulnerable server with the privileges of the innd process. |
Solution
Upgrade to version 2.4.1. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Russ Allbery for reporting this vulnerability.
This document was written by Jason A Rafail.
Other Information
| CVE IDs: | None |
| Severity Metric: | 17.72 |
| Date Public: | 2004-01-07 |
| Date First Published: | 2004-01-15 |
| Date Last Updated: | 2004-01-16 14:29 UTC |
| Document Revision: | 17 |