Vulnerability Report

CVE-2002-0525

Title: INN inews/rnews format string vulnerabilities

Privilege escalation

Proof Of Concept

PoC Available for CVE-2002-0525

CWE Category NVD-CWE-noinfo

Published Date Aug 12, 2002

Modified Date Apr 03, 2025

Exploit Status Available

Score 10.0 CVSS v2.0

Exploit Probability (EPSS)

4.35%

Vulnerability Summary

CVE-2002-0525: Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.

Impacted Vendors

isc 1

inn 1

Reference Links

http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html http://www.iss.net/security_center/static/8834.php http://www.securityfocus.com/bid/4501 http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html http://www.iss.net/security_center/static/8834.php http://www.securityfocus.com/bid/4501

CVSS v2.0

Source Entity [email protected]

Severity HIGH

10.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2002-0525 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/21375

View Code

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

August 12, 2002 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.