MNews Server Response Buffer Overflow Vulnerability

Mnews is a freely available, open source NNTP and mail client. It is designed to handle both Japanese and English character sets, and is available for the Unix and Linux operating systems.

Under some circumstances, it may be possible to exploit a buffer overflow in mnews. When a server sends a 200 response to a client, it may be possible for the server to include enough data in the response to trigger a buffer overflow. This overflow could result in the overwriting of stack memory, and the potential execution of attacker supplied instructions.


Privacy Statement
Copyright 2010, SecurityFocus