CVE-2002-1789 - Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrar

CVE-2002-1789

Summary

Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
http://www.iss.net/security_center/static/9583.php
http://www.securityfocus.com/bid/5240

Vulnerable Configurations

cpe:2.3:a:newsx:newsx:1.4_pl6:*:*:*:*:*:*:*
cpe:2.3:a:newsx:newsx:1.4_pl6:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 05-09-2008 - 20:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	5240
freebsd	FreeBSD-SN-02:05
xf	newsx-syslog-format-string(9583)

Last major update

05-09-2008 - 20:31

Published

31-12-2002 - 05:00

Last modified

05-09-2008 - 20:31