{"vuid":"VU#943536","idnumber":"943536","name":"ISC InterNetNews (INN) innfeed contains buffer overflow","keywords":["ISC","InterNetNews","INN","innfeed"],"overview":"A locally exploitable buffer overflow exists in ISC InterNetNews.","clean_desc":"InterNetNews is a Usenet/Netnews news server supported by the Internet Software Consortium and volunteers. Innfeed is a component of InterNetNews that implements the NNTP protocol for transerring news between hosts. A locally exploitable buffer overflow exists in Innfeed that could allow a local intruder to overflow a buffer by passing it extremely long command-line arguments. This vulnerability affects versions of INN prior to INN 2.3.0.","impact":"An intruder can execute arbitrary code on the target system as the user running InterNetNews, typically news.","resolution":"Upgrade INN to 2.3.0, which includes a rewritten startinnfeed utility.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Enrique A. Sanchez Montellano  <enrique.sanchez@defcom.com> and Alex Hernandez <alex.hernandez@defcom.com>.","author":"This document was written by Ian A. Finlay and is based on information obtained from a Defcom Labs Advisory.","public":["http://www.securityfocus.com/bid/2620","http://www.securityfocus.com/advisories/3220","http://www.isc.org/products/INN/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-06-20T22:00:00Z","publicdate":"2001-04-18T00:00:00Z","datefirstpublished":"2001-09-05T14:45:02Z","dateupdated":"2001-09-05T14:45:03Z","revision":41,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"10","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"7.03125","cam_scorecurrentwidelyknown":"7.03125","cam_scorecurrentwidelyknownexploited":"12.65625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.03125,"vulnote":null}