Lucene search

[email protected]CVE-2002-1789

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-1789

2022-10-0316:23:46

[email protected]

web.nvd.nist.gov

cve-2002-1789

format string vulnerability

newsx nntp client

arbitrary code execution

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.

Affected configurations

NVD

Node

newsxnewsxMatch1.4_pl6

CPENameOperatorVersion
newsx:newsxnewsxeq1.4_pl6

CPE	Name	Operator	Version
newsx:newsx	newsx	eq	1.4_pl6

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc

www.iss.net/security_center/static/9583.php

www.securityfocus.com/bid/5240

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2002-1789

nvd1 cvelist1