The Internet Software Consortium's (ISC) InterNetNews (INN) is a Usenet application. A vulnerability in INN may permit a remote attacker to compromise the system.
Version 2.4.0 of ISC's InterNetNews package contains a Network News Transfer Protocol (NNTP) server that contains a buffer overflow condition. Versions 2.3.x and prior are not vulnerable to this issue. The vulnerability is in the code that processes control messages, specifically the ARTpost() function.
Exploitation of this vulnerability could permit a remote attacker to execute arbitrary code on the vulnerable server with the privileges of the innd process.
Upgrade to version 2.4.1.
Thanks to Russ Allbery for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:||2004-01-15|
|Date Last Updated:||2004-01-16 14:29 UTC|