Vulnerabilities > CVE-2004-0045 - Buffer Overrun vulnerability in ISC INN 2.4.0

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
isc
nessus

Summary

Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.

Vulnerable Configurations

Part Description Count
Application
Isc
1

Nessus

  • NASL family: Gain a shell remotely
    NASL id: INN_CONTROL_MESSAGE_OVERFLOW.NASL
    description: The remote host is running INN 2.4.0. There is a known security flaw in this version of INN that could allow an attacker to execute arbitrary code on this server.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11984
    published: 2004-01-08
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11984
    title: INN < 2.4.1 Control Message Handling Code Overflow
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # Ref: http://www.isc.org/products/INN/
    
    
    include("compat.inc");
    
    # Registration branch: only plugin metadata is declared here, and the
    # trailing exit(0) ends the script before any socket is opened.
    # NOTE(review): `description` is presumably set by the scan engine while it
    # collects plugin metadata -- it is not assigned anywhere in this listing.
    if (description)
    {
      # Plugin identity and revision.
      script_id(11984);
      script_version("1.17");
      script_cvs_date("Date: 2018/11/15 20:50:22");

      # Advisory identifiers this check maps to.
      script_cve_id("CVE-2004-0045");
      script_bugtraq_id(9382);

      script_name(english:"INN < 2.4.1 Control Message Handling Code Overflow");

      # Text shown in the scan report.
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote host is affected by a buffer overflow vulnerability."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is running INN 2.4.0.
    
    There is a known security flaw in this version of INN that could allow an 
    attacker to execute arbitrary code on this server."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://seclists.org/bugtraq/2004/Jan/69"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to version 2.4.1 or later."
      );

      # CVSS v2 scoring: network-reachable, low complexity, no authentication,
      # partial C/I/A impact. Temporal part: exploit unproven (E:U), official
      # fix available (RL:OF), report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(
        attribute:"exploitability_ease",
        value:"No known exploits are available"
      );
      script_set_attribute(attribute:"exploit_available", value:"false");

      # Timeline and plugin type ("remote": no credentials on the target).
      script_set_attribute(attribute:"plugin_publication_date", value: "2004/01/08");
      script_set_attribute(attribute:"vuln_publication_date", value: "2004/01/07");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();

      # The family name describes the impact of the flaw; the category below
      # declares the check itself as information gathering.
      script_summary(english:"Checks INN version");
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
      script_family(english:"Gain a shell remotely");

      # NOTE(review): find_service1.nasl presumably fills the "Services/nntp"
      # KB entry that the check reads -- confirm against that plugin.
      script_dependencie("find_service1.nasl");
      script_require_ports("Services/nntp", 119);
      exit(0);
    }
    
    
    
    
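    # Version check for CVE-2004-0045: read the NNTP greeting and report the
    # host when the banner advertises INN 2.4.0.
    #
    # NOTE(review): this is a banner match only. Nothing is sent to the server
    # and the overflow itself is never exercised, so a build that was patched
    # without a version bump is still reported, and a server whose greeting was
    # customised is missed. Confirm the installed INN version on the host before
    # closing a finding either way.
    port = get_kb_item("Services/nntp");
    if(!port) port = 119;   # fall back to the standard NNTP port
    
    if(get_port_state(port))
    {
      soc = open_sock_tcp(port);
      if(soc)
      {
        # A single greeting line, capped at 1024 bytes, is all the check needs.
        r = recv_line(socket:soc, length:1024);
    
        # Release the connection on every path; the original left the socket
        # open for the remainder of the script, including the early exit below.
        close(soc);
    
        if ( r == NULL ) exit(0);
    
        # Any 20x greeting carrying the exact token "INN 2.4.0" between spaces.
        if(ereg(string:r, pattern:"^20[0-9] .* INN 2\.4\.0 .*$"))
        {
          security_hole(port);
        }
      }
    }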
    
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2004-014-02.NASL
    description: INN (InterNetNews) is used to run a news (NNTP) server. New INN packages are available for Slackware 9.0, 9.1, and -current. These have been upgraded to inn-2.4.1 to fix a potentially exploitable buffer overflow. All sites running INN should upgrade.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18755
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18755
    title: Slackware 9.0 / 9.1 / current : INN security update (SSA:2004-014-02)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2004-014-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: declares the plugin metadata and leaves through
    # exit(0) before any package data is inspected.
    # NOTE(review): `description` is presumably set by the scan engine while it
    # collects plugin metadata -- it is not assigned anywhere in this listing.
    if (description)
    {
      # Plugin identity and revision.
      script_id(18755);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:20");

      # Advisory identifiers: the CVE and the Slackware advisory (SSA).
      script_cve_id("CVE-2004-0045");
      script_xref(name:"SSA", value:"2004-014-02");

      script_name(english:"Slackware 9.0 / 9.1 / current : INN security update (SSA:2004-014-02)");
      script_summary(english:"Checks for updated package in /var/log/packages");

      # Text shown in the scan report.
      script_set_attribute(attribute:"synopsis", value:"The remote Slackware host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "INN (InterNetNews) is used to run a news (NNTP) server. New INN
    packages are available for Slackware 9.0, 9.1, and -current. These
    have been upgraded to inn-2.4.1 to fix a potentially exploitable
    buffer overflow. All sites running INN should upgrade.");
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.365791
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?df332a70");
      script_set_attribute(attribute:"solution", value:"Update the affected inn package.");

      # CVSS v2 base vector: network-reachable, low complexity, no
      # authentication, partial C/I/A impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      # "local": the result comes from data gathered on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");

      # Affected package and platforms, as CPE identifiers.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:inn");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");

      # Timeline.
      script_set_attribute(attribute:"patch_publication_date", value:"2004/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");

      # NOTE(review): ssh_get_info.nasl presumably populates the Host/* KB
      # entries required below -- confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    # Local package check for SSA:2004-014-02. The verdict is derived from KB
    # entries about the host (release, package list, CPU); this block opens no
    # connection to the NNTP service.

    # Preconditions: local checks enabled, a Slackware release recorded, and a
    # package list available. Each failure is handed to audit() with its reason.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release"))
      audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Architecture gate: the CPU string must contain "x86_64" or be i386..i686.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu)
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

    # One comparison per supported release against the fixed build inn-2.4.1.
    # NOTE(review): slackware_check() comes from slackware.inc; presumably it
    # returns true when the installed inn package predates the given build.
    outdated = 0;
    if (slackware_check(osver:"9.0", pkgname:"inn", pkgver:"2.4.1", pkgarch:"i386", pkgnum:"1"))
      outdated = outdated + 1;
    if (slackware_check(osver:"9.1", pkgname:"inn", pkgver:"2.4.1", pkgarch:"i486", pkgnum:"1"))
      outdated = outdated + 1;
    if (slackware_check(osver:"current", pkgname:"inn", pkgver:"2.4.1", pkgarch:"i486", pkgnum:"1"))
      outdated = outdated + 1;

    if (!outdated)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # Port 0: the finding belongs to the host, not to a network service.
      # The package detail is attached only when verbosity is above zero.
      if (report_verbosity > 0)
        security_hole(port:0, extra:slackware_report_get());
      else
        security_hole(0);
      exit(0);
    }