CVE-2001-1442

ISC InterNetNews <2.3.0 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2001-1442. PoCs published by Enrique A., alt3kx.

AI-analyzed exploit summary This exploit targets a buffer overflow in the innfeed utility's command-line parser by passing an overly long -c option. It iterates through buffer sizes to trigger the overflow, potentially allowing arbitrary code execution with the 'news' user privileges.

Description

Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Enrique A. · bashlocallinux
https://www.exploit-db.com/exploits/20778

This exploit targets a buffer overflow in the innfeed utility's command-line parser by passing an overly long -c option. It iterates through buffer sizes to trigger the overflow, potentially allowing arbitrary code execution with the 'news' user privileges.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: ISC InterNetNews innfeed
No auth needed
Prerequisites: Local access to the system · innfeed utility installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Enrique A. · clocallinux
https://www.exploit-db.com/exploits/20777

This exploit targets a buffer overflow in the innfeed utility (part of ISC InterNetNews) via the -c command-line option. It includes shellcode for privilege escalation to root (setuid(0)) and is designed for x86 Linux systems, with specific paths for RedHat and Slackware.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: ISC InterNetNews innfeed (versions affected by CVE-2001-1442)
No auth needed
Prerequisites: Local access to the system · Presence of vulnerable innfeed binary · Execution via startinnfeed (SUID root)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by alt3kx · poc
https://github.com/alt3kx/CVE-2001-1442

This repository contains a functional exploit for CVE-2001-1442, a buffer overflow vulnerability in ISC INN 2.x's startinnfeed utility. The exploit includes shellcode for privilege escalation and a brute-force script to determine the correct offset.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: ISC INN 2.x
No auth needed
Prerequisites: Access to a vulnerable ISC INN 2.x installation · Ability to execute the startinnfeed binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/943536
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6398
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1001353
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2620
Exploit, Patch mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/178011
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-04/0311.html

Scores

EPSS 0.0189
EPSS Percentile 76.8%

Details

Status published
Products (6)
isc/inn 2.0
isc/inn 2.1
isc/inn 2.2
isc/inn 2.2.1
isc/inn 2.2.2
isc/inn 2.2.3
Published Apr 21, 2001
Tracked Since Feb 18, 2026