Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0909

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0909
Last Modified 05 Sep 2008 04:29:16
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0909

Summary

Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER.

Vulnerable Systems

Application

  • Matsushita Research Mnews 1.2.2


References

BID - 4900

BID - 4899

XF - mnews-multiple-local-bo(9227)

XF - mnews-nntp-response-bo(9226)

BUGTRAQ - 20020531 SRT Security Advisory (SRT2002-04-31-1159): Mnews

VULN-DEV - 20020531 Mnews 1.22 PoC exploit


Last Updated: 27 May 2016 10:37:07