Overview
A locally exploitable buffer overflow exists in ISC InterNetNews.
Description
InterNetNews is a Usenet/Netnews news server supported by the Internet Software Consortium and volunteers. Innfeed is a component of InterNetNews that implements the NNTP protocol for transerring news between hosts. A locally exploitable buffer overflow exists in Innfeed that could allow a local intruder to overflow a buffer by passing it extremely long command-line arguments. This vulnerability affects versions of INN prior to INN 2.3.0. |
Impact
An intruder can execute arbitrary code on the target system as the user running InterNetNews, typically news. |
Solution
Upgrade INN to 2.3.0, which includes a rewritten startinnfeed utility. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was discovered by Enrique A. Sanchez Montellano
This document was written by Ian A. Finlay and is based on information obtained from a Defcom Labs Advisory.
Other Information
| CVE IDs: | None |
| Severity Metric: | 7.03 |
| Date Public: | 2001-04-18 |
| Date First Published: | 2001-09-05 |
| Date Last Updated: | 2001-09-05 14:45 UTC |
| Document Revision: | 41 |