header-logo
Suggest Exploit
vendor:
DNews News Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: DNews News Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

DNews News Server Buffer Overflow Vulnerability

DNews News Server is a CGI application that gives access to a user's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying an overly long value for the 'group', 'cmd' and 'utag' variables, and possibly others, will overwrite their respective buffers. In this manner, arbitrary code can be executed on the remote target.

Mitigation:

Input validation should be used to prevent buffer overflows.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1172/info

DNews News Server is a CGI application that gives access to auser's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying an overlylong value for the "group", "cmd" and "utag" variables, and possibly others, will overwrite their respective buffers. In this manner, arbitrary code can be executed on the remote target.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19895.zip