CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0525

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile12.21th
PublishedAug 12, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.

Affected Platforms (CPE)

πŸ“¦
Isc

Inn

= 2.0
πŸ“¦
Isc

Inn

= 2.1
πŸ“¦
Isc

Inn

= 2.2
πŸ“¦
Isc

Inn

= 2.2.1
πŸ“¦
Isc

Inn

= 2.2.2
πŸ“¦
Isc

Inn

= 2.2.3

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
πŸ”— http://www.iss.net/security_center/static/8834.php
πŸ”— http://www.securityfocus.com/bid/4501
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
πŸ”— http://www.iss.net/security_center/static/8834.php
πŸ”— http://www.securityfocus.com/bid/4501

Related Vulnerabilities

CVE-1999-075410.0

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF en...

CVE-2021-416629.8

The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP...

CVE-2021-414719.8

SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execut...

CVE-1999-00439.8

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.