CVE-2002-0525
First published: Tue Jun 11 2002(Updated: )
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC INN | =2.2 | |
| ISC INN | =2.2.2 | |
| ISC INN | =2.0 | |
| ISC INN | =2.1 | |
| ISC INN | =2.2.1 | |
| ISC INN | =2.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0525?
CVE-2002-0525 is classified as a medium-severity vulnerability due to the potential for privilege escalation.
How do I fix CVE-2002-0525?
To mitigate CVE-2002-0525, update to a patched version of ISC INN that resolves the format string vulnerabilities.
Which versions of ISC INN are affected by CVE-2002-0525?
ISC INN versions 2.0, 2.1, 2.2, 2.2.1, 2.2.2, and 2.2.3 are affected by CVE-2002-0525.
Can CVE-2002-0525 be exploited remotely?
Yes, CVE-2002-0525 can be exploited remotely by malicious NNTP servers.
What types of attacks can CVE-2002-0525 facilitate?
CVE-2002-0525 can facilitate local privilege escalation for users exploiting format string vulnerabilities.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/isc
- canonical/isc inn
- version/isc inn/2.2
- version/isc inn/2.2.2
- version/isc inn/2.0
- version/isc inn/2.1
- version/isc inn/2.2.1
- version/isc inn/2.2.3