| VID | 23053 |
| Severity | 40 |
| Port | 119 |
| Protocol | TCP |
| Class | NNTP |
| Detailed Description | The NNTP (Network News Transfer Protocol) daemon distributed with ISC INN (InterNetNews) 2.4.0 is vulnerable to a buffer overflow. The vulnerability exists in the control message handling code that was introduced into version 2.4.0. A remote attacker can send a specially-crafted control message to the victim's news server to cause the process to execute arbitrary code on the INN server with root privileges. Note: This check solely relied on the version number of the remote INN server to assess this vulnerability, so this might be a false positive. References: http://www.securityfocus.com/archive/1/349160. Platforms Affected: Internet Software Consortium INN version 2.4.0 |
| Recommendation | Upgrade to the latest version of INN (2.4.1 or later), available from the ISC (Internet Software Consortium) Web site at http://www.isc.org/products/INN/. For OpenPKG: Upgrade to the latest inn package, as listed in OpenPKG Security Advisory OpenPKG-SA-2004.001 at http://www.securityfocus.com/advisories/6220 |
| Related URL | CVE-2004-0045 (CVE) |
| Related URL | 9382 (SecurityFocus) |
| Related URL | 14190 (ISS) |