Description
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Paul Starzetz · textlocallinux
https://www.exploit-db.com/exploits/21375
References (3)
Core 3
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4501
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8834.php
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
Scores
EPSS
0.0435
EPSS Percentile
89.0%
Details
Status
published
Products (6)
isc/inn
2.0
isc/inn
2.1
isc/inn
2.2
isc/inn
2.2.1
isc/inn
2.2.2
isc/inn
2.2.3
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026