Vulnerability Details CVE-2002-0525
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.044
EPSS Ranking 88.5%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
- http://www.iss.net/security_center/static/8834.php
- http://www.securityfocus.com/bid/4501
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
- http://www.iss.net/security_center/static/8834.php
- http://www.securityfocus.com/bid/4501
Products affected by CVE-2002-0525
-
cpe:2.3:a:isc:inn:2.0
-
cpe:2.3:a:isc:inn:2.1
-
cpe:2.3:a:isc:inn:2.2
-
cpe:2.3:a:isc:inn:2.2.1
-
cpe:2.3:a:isc:inn:2.2.2
-
cpe:2.3:a:isc:inn:2.2.3