Lucene search

GoogleOSV:DSA-1622-1

HistoryJul 31, 2008 - 12:00 a.m.

newsx - arbitrary code execution

2008-07-3100:00:00

Google

osv.dev

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

It was discovered that newsx, an NNTP news exchange utility, was affected
by a buffer overflow allowing remote attackers to execute arbitrary code
via a news article containing a large number of lines starting with a period.

For the stable distribution (etch), this problem has been fixed in version
1.6-2etch1.

For the testing (lenny) and unstable distribution (sid), this problem has
been fixed in version 1.6-3.

We recommend that you upgrade your newsx package.

CPENameOperatorVersion
newsxeq1.6-2

CPE	Name	Operator	Version
	newsx	eq	1.6-2

References

www.debian.org/security/2008/dsa-1622

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for OSV:DSA-1622-1