Published: 12/08/2002 Updated: 05/09/2008

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.

Vulnerable Product	Search on Vulmon	Subscribe to Product
slrn development team slrn 0.9.6.3
slrn development team slrn 0.9.6.4
slrn development team slrn 0.9.6.2

source: wwwsecurityfocuscom/bid/4569/info N is a freely available, open source news reading utility It is developed and maintained by the SLRN project, and designed for use on various operating systems This problem affects the UNIX and Linux implementation Due to a boundary condition error, a buffer overflow condition exists in spool ...

SLRNPull Spool Directory Command Line Parameter Buffer Overflow Vulnerability

CVE-2002-0740 SLRNPull Spool Directory Command Line Parameter Buffer Overflow Vulnerability Packetstorm publication at packetstormsecuritycom/files/25989/slrnpulloverflowtxthtml Securiteam publication at wwwsecuriteamcom/unixfocus/5FP0R0K6UChtml Securityfocus publication at wwwsecurityfocuscom/bid/4569 Public Exploit: wwwsecurityfocusco

NVD-CWE-Other http://online.securityfocus.com/archive/1/269667 http://www.iss.net/security_center/static/8910.php http://www.securityfocus.com/bid/4569 http://archives.neohapsis.com/archives/bugtraq/2002-04/0302.html http://online.securityfocus.com/archive/1/270235 https://nvd.nist.gov https://github.com/alt3kx/CVE-2002-0740 https://www.exploit-db.com/exploits/21408/

CVE-2002-0740

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect