Signature Detail
Short Name |
NNTP:OVERFLOW:LINE-OVERFLOW |
|---|---|
Severity |
High |
Recommended |
No |
Category |
NNTP |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
NNTP Line Overflow
This protocol anomaly is an NNTP message line that is too long. The NNTP RFC defines 512 as the maximum number of characters, including the end-of-line terminator characters <CR><LF>.
Extended Description
The Microsoft Network News Transfer Protocol (NNTP) Component is prone to a buffer overflow condition. Successful exploitation of this vulnerability could allow remote code execution in the context of the process accessing the vulnerable component.
Affected Products
- Avaya DefinityOne Media Servers
- Avaya IP600 Media Servers
- Avaya Modular Messaging (MSS) 1.1.0
- Avaya Modular Messaging (MSS) 2.0.0
- Avaya S3400 Message Application Server
- Avaya S8100 Media Servers
- Microsoft Exchange Server 2000 SP1
- Microsoft Exchange Server 2000 SP2
- Microsoft Exchange Server 2000 SP3
- Microsoft Exchange Server 2000
- Microsoft Exchange Server 2003 SP1
- Microsoft Exchange Server 2003
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
References
- BugTraq: 11379
- CVE: CVE-2004-0574