OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: zillion (zillionsnosoft.com)
Date: Fri May 31 2002 - 13:59:41 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ======================================================================

    Strategic Reconnaissance Team Security Advisory (SRT2002-04-31-1159)

    Topic : Mnews local and remote overflow vulnerabilities
    Date : May 31, 2002
    Credit : zillion[at]safemode.org
    Site : http://www.snosoft.com

    ======================================================================

    .: Description:
    ---------------

     Mnews is a small console based email and news client which is often
     installed setgid mail. Several local and remote overflows have been
     identified in this package.

     Local overflows where found in the -f, -n, -D, -M, -P parameters and
     in the JNAMES, MAILSERVER environment variables. The remote overflow
     resides in the code responsible for processing responses received from
     the NNTP server. For example the following response will result in an
     overflow:

     200 <a x 770>

     If you look at the source code of mnews you will see that this package
     is very outdated and dangerous to use on todays Internet.

    .: Impact:
    ----------

     Local users might be able to elevate their privileges on the affected
     systems. Remote malicious server owners can use mnews to penetrate an
     affected system.

     We strongly recommend to stop using mnews.

    .: Systems Affected:
    --------------------

     Systems running the mnews package version 1.22 are affected. It is
     very likely that older versions are also affected.

    .: Proof of Concept:
    --------------------

     A working exploit that illustrates the danger of this package will
     be released soon.