Signature Detail
Short Name |
NNTP:INN:INND-OF1 |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
NNTP |
Keywords |
nntp inn news |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
NNTP: INND Remote Buffer Overflow (1)
This signature detects attempts to exploit a known vulnerability against the INND daemon that ships by default with Red Hat 6.2. Versions earlier than INND/NNRP 1.6.x are vulnerable. A successful attacker can gain root access.
Extended Description
innd 2.2.2 contains a remotely exploitable buffer overflow in code reached when a cancel request is sent to the "control" newsgroup, under the following condition: the cancel request contains a valid Message-ID but the From/Sender fields differ between the cancel request and the post referenced by the Message-ID. This attack only works against machines running INN with "verifycancels = true"
Affected Products
- ISC INN 2.0.0
- ISC INN 2.1.0
- ISC INN 2.2.0
- ISC INN 2.2.1
- ISC INN 2.2.2
References
- BugTraq: 1316
- CVE: CVE-2000-0472
- URL: http://online.securityfocus.com/advisories/292