Vulnerabilites related to isc - inn
CVE-1999-0754 (GCVE-0-1999-0754)
Vulnerability from cvelistv5
Published
2000-06-02 04:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "255",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/255"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.redhat.com/corp/support/errata/inn99_05_22.html"
},
{
"name": "CSSA-1999-011.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "255",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/255"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.redhat.com/corp/support/errata/inn99_05_22.html"
},
{
"name": "CSSA-1999-011.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/255"
},
{
"name": "http://www.redhat.com/corp/support/errata/inn99_05_22.html",
"refsource": "MISC",
"url": "http://www.redhat.com/corp/support/errata/inn99_05_22.html"
},
{
"name": "CSSA-1999-011.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0754",
"datePublished": "2000-06-02T04:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0360 (GCVE-0-2000-0360)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19991124 Security hole in inn \u003c= 2.2.1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_34.html"
},
{
"name": "CSSA-1999-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt"
},
{
"name": "1249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19991124 Security hole in inn \u003c= 2.2.1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_34.html"
},
{
"name": "CSSA-1999-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt"
},
{
"name": "1249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19991124 Security hole in inn \u003c= 2.2.1",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_34.html"
},
{
"name": "CSSA-1999-038.0",
"refsource": "CALDERA",
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt"
},
{
"name": "1249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0360",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-05-23T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1442 (GCVE-0-2001-1442)
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 04:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#943536",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/943536"
},
{
"name": "innfeed-c-bo(6398)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6398"
},
{
"name": "1001353",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1001353"
},
{
"name": "2620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2620"
},
{
"name": "20010418 Re: Innfeed Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/178011"
},
{
"name": "20010418 Innfeed Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0311.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the \"news\" group to gain privileges via a long -c command line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#943536",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/943536"
},
{
"name": "innfeed-c-bo(6398)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6398"
},
{
"name": "1001353",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1001353"
},
{
"name": "2620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2620"
},
{
"name": "20010418 Re: Innfeed Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/178011"
},
{
"name": "20010418 Innfeed Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0311.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the \"news\" group to gain privileges via a long -c command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#943536",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/943536"
},
{
"name": "innfeed-c-bo(6398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6398"
},
{
"name": "1001353",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1001353"
},
{
"name": "2620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2620"
},
{
"name": "20010418 Re: Innfeed Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/178011"
},
{
"name": "20010418 Innfeed Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0311.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1442",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-04-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0705 (GCVE-0-1999-0705)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in INN inews program.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/616"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in INN inews program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/616"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in INN inews program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/616"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0705",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0472 (GCVE-0-2000-0472)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000106 innd 2.2.2 remote buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html"
},
{
"name": "20000707 inn update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html"
},
{
"name": "innd-cancel-overflow(4615)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4615"
},
{
"name": "CSSA-2000-016.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt"
},
{
"name": "20000721 [ANNOUNCE] INN 2.2.3 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html"
},
{
"name": "20000722 MDKSA-2000:023 inn update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html"
},
{
"name": "1316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000106 innd 2.2.2 remote buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html"
},
{
"name": "20000707 inn update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html"
},
{
"name": "innd-cancel-overflow(4615)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4615"
},
{
"name": "CSSA-2000-016.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt"
},
{
"name": "20000721 [ANNOUNCE] INN 2.2.3 available",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html"
},
{
"name": "20000722 MDKSA-2000:023 inn update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html"
},
{
"name": "1316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000106 innd 2.2.2 remote buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html"
},
{
"name": "20000707 inn update",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html"
},
{
"name": "innd-cancel-overflow(4615)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4615"
},
{
"name": "CSSA-2000-016.0",
"refsource": "CALDERA",
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt"
},
{
"name": "20000721 [ANNOUNCE] INN 2.2.3 available",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html"
},
{
"name": "20000722 MDKSA-2000:023 inn update",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html"
},
{
"name": "1316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0472",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0785 (GCVE-0-1999-0785)
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The INN inndstart program allows local users to gain root privileges via the \"pathrun\" parameter in the inn.conf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/254"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The INN inndstart program allows local users to gain root privileges via the \"pathrun\" parameter in the inn.conf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/254"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0785",
"datePublished": "2000-03-22T05:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0100 (GCVE-0-1999-0100)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Remote access in AIX innd 1.5.1, using control messages.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote access in AIX innd 1.5.1, using control messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:39:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote access in AIX innd 1.5.1, using control messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0100",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0100",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0043 (GCVE-0-1999-0043)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 20:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0043"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:isc:inn:1.4sec:*:*:*:*:*:*:*",
"cpe:2.3:a:isc:inn:1.4sec2:*:*:*:*:*:*:*",
"cpe:2.3:a:isc:inn:1.4unoff3:*:*:*:*:*:*:*",
"cpe:2.3:a:isc:inn:1.4unoff4:*:*:*:*:*:*:*",
"cpe:2.3:a:isc:inn:1.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "inn",
"vendor": "isc",
"versions": [
{
"status": "affected",
"version": "1.4sec"
},
{
"status": "affected",
"version": "1.4sec2"
},
{
"status": "affected",
"version": "1.4unoff3"
},
{
"status": "affected",
"version": "1.4unoff4"
},
{
"status": "affected",
"version": "1.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscape:news_server:1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "news_server",
"vendor": "netscape",
"versions": [
{
"status": "affected",
"version": "1.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:bsdi:bsd_os:2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bsd_os",
"vendor": "bsdi",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:caldera:openlinux:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openlinux",
"vendor": "caldera",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:redhat:linux:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux",
"vendor": "redhat",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux",
"vendor": "redhat",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
},
{
"cpes": [
"cpe:2.3:h:nec:goah_intrasv:1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goah_intrasv",
"vendor": "nec",
"versions": [
{
"status": "affected",
"version": "1.1"
}
]
},
{
"cpes": [
"cpe:2.3:h:nec:goah_networksv:1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:nec:goah_networksv:2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:nec:goah_networksv:3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goah_networksv",
"vendor": "nec",
"versions": [
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "3.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-1999-0043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:56:17.928328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T20:03:35.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command execution via shell metachars in INN daemon (innd) 1.5 using \"newgroup\" and \"rmgroup\" control messages, and others."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:31:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command execution via shell metachars in INN daemon (innd) 1.5 using \"newgroup\" and \"rmgroup\" control messages, and others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0043",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0043",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T20:03:35.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0525 (GCVE-0-2002-0525)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:28.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4501"
},
{
"name": "inn-rnews-inews-format-string(8834)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8834.php"
},
{
"name": "20020411 Inn (Inter Net News) security problems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4501"
},
{
"name": "inn-rnews-inews-format-string(8834)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8834.php"
},
{
"name": "20020411 Inn (Inter Net News) security problems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4501"
},
{
"name": "inn-rnews-inews-format-string(8834)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8834.php"
},
{
"name": "20020411 Inn (Inter Net News) security problems",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0525",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:49:28.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0247 (GCVE-0-1999-0247)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-01 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:34:51.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1443"
},
{
"name": "19970721 INN news server vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_NAI",
"x_transferred"
],
"url": "http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1443"
},
{
"name": "19970721 INN news server vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_NAI"
],
"url": "http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1443"
},
{
"name": "19970721 INN news server vulnerabilities",
"refsource": "NAI",
"url": "http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0247",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:34:51.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3523 (GCVE-0-2012-3523)
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2012:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:156"
},
{
"name": "50661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50661"
},
{
"name": "openSUSE-SU-2012:1171",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-22T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2012:156",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:156"
},
{
"name": "50661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50661"
},
{
"name": "openSUSE-SU-2012:1171",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2012:156",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:156"
},
{
"name": "50661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50661"
},
{
"name": "openSUSE-SU-2012:1171",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3523",
"datePublished": "2012-11-11T11:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0868 (GCVE-0-1999-0868)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.ait.ac.th/joomla3/index.php/security-advisories?CERT/CA97/msg00027.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T05:30:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.ait.ac.th/joomla3/index.php/security-advisories?CERT/CA97/msg00027.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cs.ait.ac.th/joomla3/index.php/security-advisories?CERT/CA97/msg00027.shtml",
"refsource": "MISC",
"url": "https://www.cs.ait.ac.th/joomla3/index.php/security-advisories?CERT/CA97/msg00027.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0868",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0706 (GCVE-0-1999-0706)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "583",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "583",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0706",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0045 (GCVE-0-2004-0045)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html"
},
{
"name": "VU#759020",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/759020"
},
{
"name": "9382",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9382"
},
{
"name": "inn-artpost-control-message-bo(14190)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14190"
},
{
"name": "SSA:2004-014-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.365791"
},
{
"name": "10578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10578"
},
{
"name": "20040107 [SECURITY] INN: Buffer overflow in control message handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html"
},
{
"name": "VU#759020",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/759020"
},
{
"name": "9382",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9382"
},
{
"name": "inn-artpost-control-message-bo(14190)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14190"
},
{
"name": "SSA:2004-014-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.365791"
},
{
"name": "10578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10578"
},
{
"name": "20040107 [SECURITY] INN: Buffer overflow in control message handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html"
},
{
"name": "VU#759020",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/759020"
},
{
"name": "9382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9382"
},
{
"name": "inn-artpost-control-message-bo(14190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14190"
},
{
"name": "SSA:2004-014-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.365791"
},
{
"name": "10578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10578"
},
{
"name": "20040107 [SECURITY] INN: Buffer overflow in control message handling",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0045",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-01-12T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2000-04-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5658CF74-5AF1-4161-BF4C-6A394F2AA164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "62017AA2-B4DB-44AA-806C-6CFEC839E297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F9A712-AF96-4A04-B547-F29094ACFE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2480B45-A626-49F5-A48B-BA6DFAA4411B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21969A37-9F10-4D70-AC73-F3DB4D169AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94FD2948-EF52-464B-A605-DA3806037762",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8211154-6685-4FF0-B3ED-43A5E5763A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F299301C-6BFC-436C-9CFD-2E291D3702AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF54738-3C44-4FD4-AA9C-CAB2E86B1DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF44364-0F57-4B74-81B0-501EA6B58501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "363AB7DB-A8BA-4D58-97C4-1DF1F0F43E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "89F65C9D-BD68-4A86-BFDC-E7CE76F13948",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables."
}
],
"id": "CVE-1999-0706",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-04-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/583"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1997-02-20 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | inn | 1.5.1 | |
| netscape | news_server | 1.1 | |
| sun | sparc | * | |
| redhat | linux | 4.0 | |
| redhat | linux | 4.1 | |
| nec | goah_intrasv | r1.1 | |
| nec | goah_networksv | r1.2 | |
| nec | goah_networksv | r2.2 | |
| nec | goah_networksv | r3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5658CF74-5AF1-4161-BF4C-6A394F2AA164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:news_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0FB9EFB-F5C3-447B-A1B7-DB762F93D8F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:sun:sparc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "727D196F-786C-4C50-BF72-BE9E14A243EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9092D88-585D-4A0C-B181-E8D93563C74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8211154-6685-4FF0-B3ED-43A5E5763A10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:goah_intrasv:r1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CA81EB-5910-454D-AB36-B3EF80CDC44F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nec:goah_networksv:r1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D66E31D1-4E06-49FC-AF8C-2904F8776CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nec:goah_networksv:r2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "289D9EB9-46B7-4176-B5EC-65768A18CAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nec:goah_networksv:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF85EE71-0A56-4F40-A90C-976541C8F33F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN."
}
],
"id": "CVE-1999-0868",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-02-20T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.cs.ait.ac.th/joomla3/index.php/security-advisories?CERT/CA97/msg00027.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cs.ait.ac.th/joomla3/index.php/security-advisories?CERT/CA97/msg00027.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2025-04-11 00:51
Severity ?
Summary
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81DB051D-BFB7-4D5C-8B81-FD020B858606",
"versionEndIncluding": "2.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA721E1-1ED5-4855-9305-5BF6EAE84A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4sec:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D0063D-01CE-49E2-A19A-FA861F3C40CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4sec2:*:*:*:*:*:*:*",
"matchCriteriaId": "967E86C5-3635-49FF-A98A-C9B2BC85A812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4unoff3:*:*:*:*:*:*:*",
"matchCriteriaId": "14DBB010-4064-4B46-834C-6FD5F1FE78FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4unoff4:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE0D317-4F02-4896-95FC-20B64EB3A91F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9915A668-8E8C-4EC8-A72A-6937EC7D3496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5658CF74-5AF1-4161-BF4C-6A394F2AA164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "62017AA2-B4DB-44AA-806C-6CFEC839E297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F9A712-AF96-4A04-B547-F29094ACFE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2480B45-A626-49F5-A48B-BA6DFAA4411B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21969A37-9F10-4D70-AC73-F3DB4D169AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94FD2948-EF52-464B-A605-DA3806037762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC41E6D-B892-4888-8AEE-12287935F570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DED2B74-71B6-467C-8B07-F6F728AD7BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "862E58CF-7194-421D-9E7D-60DB8AA1F9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F861584-D429-4E41-9003-97753BA64228",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
},
{
"lang": "es",
"value": "La implementaci\u00f3n STARTTLS en nnrpd en INN antes de v2.5.3 no restringe correctamente el b\u00fafer de E/S, lo que permite a atacantes man-in-the-middle introducir comandos en sesiones cifradas mediante el env\u00edo de un comando en texto plano que se procesa despu\u00e9s de se establezca el TLS, relacionado con un ataque de \"inyecci\u00f3n de comando en texto claro\", un problema similar a CVE-2011-0411."
}
],
"id": "CVE-2012-3523",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-11T13:00:46.727",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50661"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:156"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-09-01 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in INN inews program.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFFB533-89C9-493A-851E-393D502C8A9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in INN inews program."
}
],
"id": "CVE-1999-0705",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-09-01T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/616"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F861584-D429-4E41-9003-97753BA64228",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el c\u00f3digo de control del mensaje en INN 2.4.0 puede permitir que atacantes remotos ejecuten c\u00f3digo arbitrario."
}
],
"id": "CVE-2004-0045",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10578"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/759020"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9382"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.365791"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/759020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.365791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14190"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-05-11 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2480B45-A626-49F5-A48B-BA6DFAA4411B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21969A37-9F10-4D70-AC73-F3DB4D169AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94FD2948-EF52-464B-A605-DA3806037762",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The INN inndstart program allows local users to gain root privileges via the \"pathrun\" parameter in the inn.conf file."
}
],
"id": "CVE-1999-0785",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-05-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/254"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-02-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2480B45-A626-49F5-A48B-BA6DFAA4411B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21969A37-9F10-4D70-AC73-F3DB4D169AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94FD2948-EF52-464B-A605-DA3806037762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC41E6D-B892-4888-8AEE-12287935F570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DED2B74-71B6-467C-8B07-F6F728AD7BF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID."
}
],
"id": "CVE-2000-0472",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-02-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1316"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4615"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2480B45-A626-49F5-A48B-BA6DFAA4411B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21969A37-9F10-4D70-AC73-F3DB4D169AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94FD2948-EF52-464B-A605-DA3806037762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC41E6D-B892-4888-8AEE-12287935F570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DED2B74-71B6-467C-8B07-F6F728AD7BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "862E58CF-7194-421D-9E7D-60DB8AA1F9CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses."
}
],
"id": "CVE-2002-0525",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-08-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8834.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8834.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4501"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-05-11 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFFB533-89C9-493A-851E-393D502C8A9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable."
}
],
"id": "CVE-1999-0754",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-05-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/corp/support/errata/inn99_05_22.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/corp/support/errata/inn99_05_22.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/255"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:1.4sec:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D0063D-01CE-49E2-A19A-FA861F3C40CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4sec2:*:*:*:*:*:*:*",
"matchCriteriaId": "967E86C5-3635-49FF-A98A-C9B2BC85A812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4unoff3:*:*:*:*:*:*:*",
"matchCriteriaId": "14DBB010-4064-4B46-834C-6FD5F1FE78FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4unoff4:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE0D317-4F02-4896-95FC-20B64EB3A91F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9915A668-8E8C-4EC8-A72A-6937EC7D3496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5658CF74-5AF1-4161-BF4C-6A394F2AA164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "62017AA2-B4DB-44AA-806C-6CFEC839E297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F9A712-AF96-4A04-B547-F29094ACFE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2480B45-A626-49F5-A48B-BA6DFAA4411B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21969A37-9F10-4D70-AC73-F3DB4D169AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94FD2948-EF52-464B-A605-DA3806037762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC41E6D-B892-4888-8AEE-12287935F570",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en INN 2.2.1 y anteriores permite a un atacante remoto causar denegaci\u00f3n de servicio mediante un articulo formateado maliciosamente."
}
],
"id": "CVE-2000-0360",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_34.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_34.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1249"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-04-21 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2480B45-A626-49F5-A48B-BA6DFAA4411B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21969A37-9F10-4D70-AC73-F3DB4D169AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94FD2948-EF52-464B-A605-DA3806037762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC41E6D-B892-4888-8AEE-12287935F570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DED2B74-71B6-467C-8B07-F6F728AD7BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "862E58CF-7194-421D-9E7D-60DB8AA1F9CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the \"news\" group to gain privileges via a long -c command line argument."
}
],
"evaluatorSolution": "INN 2.3.0 fixes problem.",
"id": "CVE-2001-1442",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-04-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0311.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1001353"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/943536"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/178011"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/2620"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0311.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1001353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/943536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/178011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/2620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6398"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1997-07-21 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA721E1-1ED5-4855-9305-5BF6EAE84A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4sec:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D0063D-01CE-49E2-A19A-FA861F3C40CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4sec2:*:*:*:*:*:*:*",
"matchCriteriaId": "967E86C5-3635-49FF-A98A-C9B2BC85A812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4unoff3:*:*:*:*:*:*:*",
"matchCriteriaId": "14DBB010-4064-4B46-834C-6FD5F1FE78FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4unoff4:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE0D317-4F02-4896-95FC-20B64EB3A91F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9915A668-8E8C-4EC8-A72A-6937EC7D3496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5658CF74-5AF1-4161-BF4C-6A394F2AA164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands."
}
],
"id": "CVE-1999-0247",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1443"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1996-12-04 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:1.4sec:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D0063D-01CE-49E2-A19A-FA861F3C40CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4sec2:*:*:*:*:*:*:*",
"matchCriteriaId": "967E86C5-3635-49FF-A98A-C9B2BC85A812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4unoff3:*:*:*:*:*:*:*",
"matchCriteriaId": "14DBB010-4064-4B46-834C-6FD5F1FE78FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.4unoff4:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE0D317-4F02-4896-95FC-20B64EB3A91F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:inn:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9915A668-8E8C-4EC8-A72A-6937EC7D3496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:news_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0FB9EFB-F5C3-447B-A1B7-DB762F93D8F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bsdi:bsd_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766851E2-134A-4A89-931B-6F1753525684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:caldera:openlinux:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC52A20-B706-432D-9A15-45F48EB1B08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9092D88-585D-4A0C-B181-E8D93563C74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8211154-6685-4FF0-B3ED-43A5E5763A10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:goah_intrasv:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39F6E390-A2CF-4F42-83EC-65B23EC644CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nec:goah_networksv:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11389E13-8EE5-4C33-9A6D-4B30849F0722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nec:goah_networksv:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C409173-AC55-493F-9B55-51A69D933F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nec:goah_networksv:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC1F3C7-D016-44B4-843A-34538227668B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command execution via shell metachars in INN daemon (innd) 1.5 using \"newgroup\" and \"rmgroup\" control messages, and others."
}
],
"id": "CVE-1999-0043",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "1996-12-04T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0043"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
1997-01-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Remote access in AIX innd 1.5.1, using control messages.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:inn:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5658CF74-5AF1-4161-BF4C-6A394F2AA164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote access in AIX innd 1.5.1, using control messages."
}
],
"id": "CVE-1999-0100",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-01-01T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0100"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}