Vulnerabilities > CVE-2002-0909 - Buffer Overflow vulnerability in MNews
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0287.html
- http://marc.info/?l=bugtraq&m=102306166201275&w=2
- http://marc.info/?l=vuln-dev&m=102297259123103&w=2
- http://www.iss.net/security_center/static/9226.php
- http://www.iss.net/security_center/static/9227.php
- http://www.securityfocus.com/bid/4899
- http://www.securityfocus.com/bid/4900