Vulnerability Name:

CVE-2004-0045 (CCN-14190)

Assigned:2004-01-07
Published:2004-01-07
Updated:2017-10-10
Summary:Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: BUGTRAQ
Type: Patch, Vendor Advisory
20040107 [SECURITY] INN: Buffer overflow in control message handling

Source: CCN
Type: BugTraq Mailing List, Wed Jan 07 2004 - 20:16:38 CST
INN: Buffer overflow in control message handling

Source: BUGTRAQ
Type: Patch, Vendor Advisory
20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)

Source: MITRE
Type: CNA
CVE-2004-0045

Source: CCN
Type: SA10578
InterNetNews Control Message Handling Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
10578

Source: CCN
Type: Internet Software Consortium (ISC) Web site
INN: InterNetNews

Source: CCN
Type: US-CERT VU#759020
ISC InterNetNews (INN) contains buffer overflow in ARTpost() function

Source: CERT-VN
Type: US Government Resource
VU#759020

Source: CCN
Type: OpenPKG-SA-2004.001
INN

Source: CCN
Type: OSVDB ID: 34379
W-Agora change_password.php userid Parameter XSS

Source: CCN
Type: OSVDB ID: 6872
INN Control Message Handling Code Overflow

Source: BID
Type: Patch, Vendor Advisory
9382

Source: CCN
Type: BID-9382
ISC INN Control Message Handling Buffer Overrun Vulnerability

Source: CCN
Type: slackware-security Mailing List, Wed, 14 Jan 2004 22:23:37 -0800 (PST)
INN security update (SSA:2004-014-02)

Source: SLACKWARE
Type: UNKNOWN
SSA:2004-014-02

Source: XF
Type: UNKNOWN
inn-artpost-control-message-bo(14190)

Source: XF
Type: UNKNOWN
inn-artpost-control-message-bo(14190)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:isc:inn:2.4.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:isc:inn:2.4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    isc inn 2.4.0
    isc inn 2.4.0
    openpkg openpkg current
    slackware slackware linux current
    openpkg openpkg 1.2
    slackware slackware linux 9.0
    openpkg openpkg 1.3
    slackware slackware linux 9.1