Vulnerabilities > CVE-1999-0043

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

critical

nessus

NVD

Published: 1996-12-04

Updated: 2022-08-17

Summary

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

Vulnerable Configurations

Part	Description	Count
Application	Isc ISC INN 1.4Unoff4 ISC INN 1.4Sec ISC INN 1.4Unoff3 ISC INN 1.4Sec2 ISC INN 1.5	5
Application	Netscape Netscape News Server 1.1	1
OS	Caldera Caldera Openlinux 1.0	1
OS	Bsdi Bsdi BSD OS 2.1	1
OS	Redhat Redhat Linux 4.1 Redhat Linux 4.0	2
Hardware	Nec NEC Goah Networksv 2.2 NEC Goah Networksv 1.2 NEC Goah Networksv 3.1 NEC Goah Intrasv 1.1	4

Nessus

NASL family	Gain a shell remotely
NASL id	INN.NASL
description	According to its banner, the remote version of INN is older than version 1.6. A number of security holes have been found older versions of INN, some of which may allow arbitrary command execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	10129
published	1999-08-25
reporter	This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10129
title	INN < 1.6 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10129); script_version("1.35"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-1999-0705", "CVE-1999-0043", "CVE-1999-0247"); script_bugtraq_id(1443, 616, 687); script_xref(name:"CERT-CC", value:"CA-1997-08"); script_name(english:"INN < 1.6 Multiple Vulnerabilities"); script_summary(english:"Checks INN version"); script_set_attribute(attribute:"synopsis", value:"The remote NNTP server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the remote version of INN is older than version 1.6. A number of security holes have been found older versions of INN, some of which may allow arbitrary command execution."); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3132c982"); script_set_attribute(attribute:"solution", value:"Upgrade to version 1.6 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"1996/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"1999/08/25"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc."); script_family(english:"Gain a shell remotely"); script_dependencie("find_service1.nasl"); script_require_ports("Services/nntp", 119); exit(0); } # # The script code starts here # # Read the banner from the knowledge base, # or get it by connecting to the server # manually port = get_kb_item("Services/nntp"); if(!port)port = 119; key = string("nntp/banner/", port); banner = get_kb_item(key); if(!banner) { if(get_port_state(port)) { soc = open_sock_tcp(port); if(soc) { banner = recv_line(socket:soc,length:1024); close(soc); } } } if(!banner)exit(0); s = strstr(banner,"INN"); if(s) { version = s[4]; subversion = s[6]; if((version == 1)&&(subversion < 6)) { security_hole(port); } }

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0043

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.