| VID |
23014 |
| Severity |
40 |
| Port |
119 |
| Protocol |
TCP |
| Class |
NNTP |
| Detailed Description |
This version of INN service has flaws which execute arbitrary commands in the server when "verifycancels" option is enabled to inn.conf. As sending cancel requests includes long message ID to "verifycancels" option, attacker can generate Buffer overflow, and can raise problems which execute commands. |
| Recommendation |
Upgrade to version 2.2.3 or disable option verifycancels from this (modify inn.conf) |
| Related URL |
CVE-2000-0472 (CVE) |
| Related URL |
1316 (SecurityFocus) |
| Related URL |
4615 (ISS) |
|
