Vulnerability Name:

CVE-2001-1442 (CCN-6398)

Assigned:2001-04-18
Published:2001-04-18
Updated:2017-07-11
Summary:Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
INN 2.3.0 fixes problem.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: BUGTRAQ
Type: Exploit
20010418 Innfeed Buffer Overflow

Source: CCN
Type: Defcom Labs Advisory def-2001-19
innfeed buffer overflow

Source: CCN
Type: BugTraq Mailing List, Wed Apr 18 2001 - 13:44:29 CDT
Re: Innfeed Buffer Overflow

Source: MITRE
Type: CNA
CVE-2001-1442

Source: CCN
Type: SECTRACK ID: 1001353
Innfeed Allows Local Users to Execute Arbitrary Code on the Server Under the News Group Privileges

Source: SECTRACK
Type: Exploit
1001353

Source: CCN
Type: Internet Software Consortium (ISC) Web site
INN: InterNetNews

Source: CCN
Type: US-CERT VU#943536
ISC InterNetNews (INN) innfeed contains buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#943536

Source: CCN
Type: OSVDB ID: 19132
INN innfeed -c Parameter Local Overflow

Source: BUGTRAQ
Type: Exploit, Patch
20010418 Re: Innfeed Buffer Overflow

Source: BID
Type: Exploit, Patch
2620

Source: CCN
Type: BID-2620
innfeed Command-Line Buffer Overflow Vulnerability

Source: CCN
Type: BID-8510
ISC INN Innfeed Config File Command Line Format String Vulnerability

Source: XF
Type: UNKNOWN
innfeed-c-bo(6398)

Source: XF
Type: UNKNOWN
innfeed-c-bo(6398)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:isc:inn:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.2.3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:isc:inn:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:isc:inn:2.2.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    isc inn 2.0
    isc inn 2.1
    isc inn 2.2
    isc inn 2.2.1
    isc inn 2.2.2
    isc inn 2.2.3
    isc inn 2.0
    isc inn 2.1
    isc inn 2.2
    isc inn 2.2.1
    isc inn 2.2.2
    isc inn 2.2.3