Overview
A locally exploitable buffer overflow exists in ISC InterNetNews.
Description
InterNetNews is a Usenet/Netnews news server supported by the Internet Software Consortium and volunteers. Innfeed is a component of InterNetNews that implements the NNTP protocol for transerring news between hosts. A locally exploitable buffer overflow exists in Innfeed that could allow a local intruder to overflow a buffer by passing it extremely long command-line arguments. This vulnerability affects versions of INN prior to INN 2.3.0. |
Impact
An intruder can execute arbitrary code on the target system as the user running InterNetNews, typically news. |
Solution
Upgrade INN to 2.3.0, which includes a rewritten startinnfeed utility. |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This vulnerability was discovered by Enrique A. Sanchez Montellano
This document was written by Ian A. Finlay and is based on information obtained from a Defcom Labs Advisory.
Other Information
CVE IDs: | None |
Severity Metric: | 7.03 |
Date Public: | 2001-04-18 |
Date First Published: | 2001-09-05 |
Date Last Updated: | 2001-09-05 14:45 UTC |
Document Revision: | 41 |