ISC innd 2.x Remote Buffer Overflow Vulnerability

innd 2.2.2 contains a remotely exploitable buffer overflow in code reached when a cancel request is sent to the "control" newsgroup, under the following condition: the cancel request contains a valid Message-ID but the From/Sender fields differ between the cancel request and the post referenced by the Message-ID. This attack only works against machines running INN with "verifycancels = true"


 

Privacy Statement
Copyright 2010, SecurityFocus