Vulnerability Description
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isc | Inn | 2.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
- http://www.iss.net/security_center/static/8834.phpVendor Advisory
- http://www.securityfocus.com/bid/4501ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
- http://www.iss.net/security_center/static/8834.phpVendor Advisory
- http://www.securityfocus.com/bid/4501ExploitPatchVendor Advisory
FAQ
What is CVE-2002-0525?
CVE-2002-0525 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
How severe is CVE-2002-0525?
CVE-2002-0525 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0525?
Check the references section above for vendor advisories and patch information. Affected products include: Isc Inn.