ID CVE-2002-0525
Summary Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:inn:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:inn:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:inn:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:inn:2.2.3:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 05-09-2008 - 20:28)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 4501
bugtraq 20020411 Inn (Inter Net News) security problems
xf inn-rnews-inews-format-string(8834)
Last major update 05-09-2008 - 20:28
Published 12-08-2002 - 04:00
Last modified 05-09-2008 - 20:28
Back to Top