|
| TC: | 11204 | |
| Description: | INN is ISC popular NNTP server for Unix. A buffer overflow has been found in the news server inn 2.X, up to the version 2.2.2. It allows remote attackers to execute arbitrary commands via a canceling request containing a long message ID. | |
| TC Impact: | Gather Info | |
| Service: | nntp |
| Vulnerability Publication: | June 06, 2000 | |
| Advisory Copyright: | Michal Zalewski | |
| Summary: | This vulnerability could be used to gain root access on your system. | |
| Risk: | Low | |
| CVSS 2.0 metrics: | Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None | |
| CVSS 2.0 Base Score: | 3.6 |
| Vulnerability Impact: |
Gain Root |
|---|
| Host Impact: | NNTP server may crash. | |
| Nature of Remediation: | Update the software. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Undefined ***** Update the product. ISC has released the version of INN - 2.2.3 - which fixes this issue. |
| References: | ||
| Advisory: http://www.securityfocus.com/archive/1/63549 BID: http://www.securityfocus.com/bid/1316 Product page: http://www.isc.org/products/INN/ |
| CVE Link: |
CVE-2000-0472 |
 |
|---|
| Glossary: |
Buffer Overflow |
|---|