NetWin WebNEWS Remote Buffer Overflow Vulnerability

WebNEWS is a server product designed to provide access to news groups through a web interface. It is able to connect to any standard NNTP server, and is available for Windows, BSD, Linux and most Unix systems.

A vulnerability has been reported in some versions of WebNEWS. It has been reported that supplying a value longer than approximately 1500 characters as the group parameter may cause a buffer overflow, overwriting stack memory. Exploitation of this vulnerability may result in the execution of arbitrary code as the web server.


Privacy Statement
Copyright 2010, SecurityFocus