Vulnerabilities > CVE-2001-1035 - Unspecified vulnerability in Slrn Development Team Slrn
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-078.NASL |
| description | Byrial Jensen found a nasty problem in slrn (a threaded news reader). The notice on slrn-announce describes it as follows : When trying to decode binaries, the built-in code executes any shell scripts the article might contain, apparently assuming they would be some kind of self-extracting archive. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14915 |
| published | 2004-09-29 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14915 |
| title | Debian DSA-078-1 : slrn - remote command invocation |