Published: 01/02/2005 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Buffer overflow in the socket_getline function in Newspost 2.1.1 and previous versions allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.

Vulnerable Product	Search on Vulmon	Subscribe to Product
newspost newspost

/* * v02 * Newspost "socket_getline()" Buffer Overflow Exploit * Exploit * Bug discovered: 02/03/2005 * * cybertronic[at]gmx[dot]net * * [ cybertronic @ newspost ] $ gcc -o newspost_expl newspost_explc * [ cybertronic @ newspost ] $ /newspost_expl cyber tronic * Usage * ----- * [ Bindshell ] /newspost_expl * [ Reverseshell ] /n ...

source: wwwsecurityfocuscom/bid/12418/info Newspost is prone to a remote buffer overflow vulnerability due to an unbounded memory copy operation The problem occurs in the 'socket_getline()' function of 'socketc' when the vulnerable client handles NNTP server responses Successful exploitation of this issue could potentially lead to ar ...

NVD-CWE-Other http://people.freebsd.org/~niels/issues/newspost-20050114.txt http://www.vuxml.org/freebsd/7f13607b-6948-11d9-8937-00065be4b5b6.html http://security.gentoo.org/glsa/glsa-200502-05.xml http://secunia.com/advisories/14092/http://www.securityfocus.com/bid/12418 http://securitytracker.com/id?1013056 http://secunia.com/advisories/14098 http://marc.info/?l=bugtraq&m=110746336728781&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19178 https://nvd.nist.gov https://www.exploit-db.com/exploits/785/

CVE-2005-0101

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect