Multiple Vulnerabilities in INN

vendor:

Internet News (INN)

by:

SecurityFocus

7.2

CVSS

HIGH

Format String Vulnerabilities

134

CWE

Product Name: Internet News (INN)

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Unix based systems, including Linux

2002

Multiple Vulnerabilities in INN

Multiple vulnerabilities have been reported in two components of INN, inews and rnews. Reportedly, both are vulnerable to locally exploitable format string problems. Under some systems these binaries may be installed suid root or sgid news, allowing a local attacker to gain elevated privileges.

Mitigation:

Upgrade to the latest version of INN, or apply the appropriate patch.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4501/info

The Internet Software Consortium (ISC) Internet News (INN) project is a powerful, mature implementation of a usenet system, including a NNTP server and a newsreading server. It is available for a wide range of Unix based systems, including Linux.

Multiple vulnerabilities have been reported in two components of INN, inews and rnews. Reportedly, both are vulnerable to locally exploitable format string problems. Under some systems these binaries may be installed suid root or sgid news, allowing a local attacker to gain elevated privileges. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21375.tar.gz