CVE-2001-1442
Published: 2001-04-21
Priority P4 18 · medium · 4.6 · CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.89% (76.9th percentile)
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | inn2 | < inn2 2.3.3+20020922-1 (bookworm) | inn2 2.3.3+20020922-1 (bookworm) |
| isc | inn | — | — |
| isc | inn | — | — |
| isc | inn | — | — |
| isc | inn | — | — |
| isc | inn | — | — |
| isc | inn | — | — |
CVSS provenance
nvd · v2.0 · 4.6 MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
osv · 4.6 MEDIUM
vendor_debian · 4.6 MEDIUM
Debian
CVE-2001-1442: inn2 - Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local ...
vendor_debian·2001·CVSS 4.6
Scope: local
bookworm: resolved (fixed in 2.3.3+20020922-1)
bullseye: resolved (fixed in 2.3.3+20020922-1)
forky: resolved (fixed in 2.3.3+20020922-1)
sid: resolved (fixed in 2.3.3+20020922-1)
trixie: resolved (fixed in 2.3.3+20020922-1)
GHSA
GHSA-wffw-62v7-rrv7: Buffer overflow in innfeed for ISC InterNetNews (INN) before 2
ghsa_unreviewed·2022-04-30
OSV
CVE-2001-1442: Buffer overflow in innfeed for ISC InterNetNews (INN) before 2
osv·2001-04-21·CVSS 4.6
No detection rules found.
Exploit-DB
ISC INN 2.x - Command-Line Buffer Overflow (2)
exploitdb·2001-04-18
---
source: https://www.securityfocus.com/bid/2620/info
The innfeed utility, part of ISC InterNetNews, has an exploitable buffer overflow in its command-line parser. Specifically, innfeed will overflow if an overly long -c option is passed to it.
A local attacker in the news group could use this overflow to execute arbitrary code with an effective userid of news, which could constitute an elevation in privileges, and the ability to alter news-owned binaries that could be run by root.
Exploits are available against x86 Linux builds of innfeed.
```ksh
#!/bin/ksh
L=-2000
O=40
while [ $L -lt 12000 ]
do
    echo $L
    L=`expr $L + 1`
    ./x-startinnfeed $L
done
```
Exploit-DB
ISC INN 2.x - Command-Line Buffer Overflow (1)
exploitdb·2001-04-18
---
// source: https://www.securityfocus.com/bid/2620/info
/*
x-innfeed.c
Buffer overflow in innfeed being called from startinnfeed renders
uid(news) gid(news), startinnfeed is suid root so I have to also check
if I can manage to get root out of this ...
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2001-04/0311.html
http://securitytracker.com/id?1001353
http://www.kb.cert.org/vuls/id/943536
http://www.securityfocus.com/archive/1/178011
http://www.securityfocus.com/bid/2620
https://exchange.xforce.ibmcloud.com/vulnerabilities/6398
Published: 2001-04-21