A locally exploitable buffer overflow exists in ISC InterNetNews.
InterNetNews is a Usenet/Netnews news server supported by the Internet Software Consortium and volunteers. Innfeed is a component of InterNetNews that implements the NNTP protocol for transerring news between hosts. A locally exploitable buffer overflow exists in Innfeed that could allow a local intruder to overflow a buffer by passing it extremely long command-line arguments. This vulnerability affects versions of INN prior to INN 2.3.0.
An intruder can execute arbitrary code on the target system as the user running InterNetNews, typically news.
Upgrade INN to 2.3.0, which includes a rewritten startinnfeed utility.
This vulnerability was discovered by Enrique A. Sanchez Montellano <firstname.lastname@example.org> and Alex Hernandez <email@example.com>.
This document was written by Ian A. Finlay and is based on information obtained from a Defcom Labs Advisory
|Date First Published:||2001-09-05|
|Date Last Updated:||2001-09-05 14:45 UTC|