{"vuid":"VU#759020","idnumber":"759020","name":"ISC InterNetNews (INN) contains buffer overflow in ARTpost() function","keywords":["ISC InterNetNews","INN","buffer overflow","ARTpost()"],"overview":"The Internet Software Consortium's (ISC) InterNetNews (INN) is a Usenet application. A vulnerability in INN may permit a remote attacker to compromise the system.","clean_desc":"Version 2.4.0 of ISC's InterNetNews package contains a Network News Transfer Protocol  (NNTP) server that contains a buffer overflow condition. Versions 2.3.x and prior are not vulnerable to this issue. The vulnerability is in the code that processes control messages, specifically the ARTpost() function.","impact":"Exploitation of this vulnerability could permit a remote attacker to execute arbitrary code on the vulnerable server with the privileges of the innd process.","resolution":"Upgrade to version 2.4.1.","workarounds":"","sysaffected":"","thanks":"Thanks to Russ Allbery for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["h","t","t","p",":","/","/","w","w","w",".","s","e","c","u","n","i","a",".","c","o","m","/","a","d","v","i","s","o","r","i","e","s","/","1","0","5","7","8","/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-01-08T18:40:52Z","publicdate":"2004-01-07T00:00:00Z","datefirstpublished":"2004-01-15T15:08:55Z","dateupdated":"2004-01-16T14:29:12Z","revision":17,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"14","cam_attackeraccessrequired":"15","cam_scorecurrent":"17.71875","cam_scorecurrentwidelyknown":"21.2625","cam_scorecurrentwidelyknownexploited":"35.4375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.71875,"vulnote":null}