CVE-2005-0101 - Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious

CVE-2005-0101

Summary

Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.

References

Vulnerable Configurations

cpe:2.3:a:newspost:newspost:*:*:*:*:*:*:*:*
cpe:2.3:a:newspost:newspost:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	12418
bugtraq	20050202 RE: SECURITEY.NNOV.RU NewsPost buffer overflow [EXPLOIT]
confirm	http://www.vuxml.org/freebsd/7f13607b-6948-11d9-8937-00065be4b5b6.html
gentoo	GLSA-200502-05
misc	http://people.freebsd.org/~niels/issues/newspost-20050114.txt
sectrack	1013056
secunia	14092 14098
xf	newspost-socketgetline-bo(19178)

Last major update

11-07-2017 - 01:32

Published

01-02-2005 - 05:00

Last modified

11-07-2017 - 01:32