Format String Vulnerabilities in INN Products by Internet Systems Consortium
CVE-2002-0525

Currently unrated

Key Information:

Vendor: Isc
Status: Inn
Vendor: CVE Published:; 12 August 2002

What is CVE-2002-0525?

Multiple format string vulnerabilities exist in the inews and rnews components of INN versions up to 2.2.3, allowing both local users and remote malicious NNTP servers to exploit these vulnerabilities. By injecting crafted format string specifiers into NNTP responses, attackers can potentially escalate privileges and execute arbitrary code on affected systems. It is crucial for users of INN to apply necessary updates or mitigations to secure their networks against these vulnerabilities.

References

http://www.securityfocus.com/bid/4501

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/8834.php

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2002-04/01...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2002
Vulnerability Reserved
Jun 7, 2002

Isc

What is CVE-2002-0525?

References

Timeline