ID |
CVE-2002-0525
|
Summary |
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*
-
cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*
-
cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*
-
cpe:2.3:a:isc:inn:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:inn:2.2.2:*:*:*:*:*:*:*
-
cpe:2.3:a:isc:inn:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:inn:2.2.3:*:*:*:*:*:*:*
|
CVSS |
Base: | 10.0 (as of 05-09-2008 - 20:28) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
bid | 4501 | bugtraq | 20020411 Inn (Inter Net News) security problems | xf | inn-rnews-inews-format-string(8834) |
|
Last major update |
05-09-2008 - 20:28 |
Published |
12-08-2002 - 04:00 |
Last modified |
05-09-2008 - 20:28 |