CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-31998 – inn: %post calls user owned file allowing local privilege escalation to root
https://notcve.org/view.php?id=CVE-2021-31998
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. Una vulnerabilidad de Permisos por Defecto Incorrectos en el empaquetado de inn de SUSE Linux Enterprise Server versión11-SP3; openSUSE Backports versión SLE-15-SP2, openSUSE Leap versión 15.2 permite a atacantes locales escalar sus privilegios del usuario de noticias a root. Este problema afecta a: SUSE Linux Enterprise Server versión 11-SP3 versión inn-2.4.2-170.21.3.1 y versiones anteriores. openSUSE Backports SLE-15-SP2 versiones inn anteriores a 2.6.2. openSUSE Leap 15.2 versiones inn anteriores a 2.6.2 • https://bugzilla.suse.com/show_bug.cgi?id=1182321 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-3692 – Local privilege escalation from user news to root in the packaging of inn
https://notcve.org/view.php?id=CVE-2019-3692
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. El empaquetado de inn en SUSE Linux Enterprise Server versión 11; openSUSE Factory, Leap versión 15.1, permite a atacantes locales escalar desde un usuario inn a root, mediante ataques de tipo symlink. Este problema afecta a: inn versión 2.4.2-170.21.3.1 y versiones anteriores, de SUSE Linux Enterprise Server versión 11. inn versión 2.6.2-2.2 y versiones anteriores, de openSUSE Factory . inn versión 2.5.4-lp151.2.47 y versiones anteriores de openSUSE Leap versión 15.1. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00028.html https://bugzilla.suse.com/show_bug.cgi?id=1154302 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2012-3523
https://notcve.org/view.php?id=CVE-2012-3523
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. La implementación STARTTLS en nnrpd en INN antes de v2.5.3 no restringe correctamente el búfer de E/S, lo que permite a atacantes man-in-the-middle introducir comandos en sesiones cifradas mediante el envío de un comando en texto plano que se procesa después de se establezca el TLS, relacionado con un ataque de "inyección de comando en texto claro", un problema similar a CVE-2011-0411. • http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html http://secunia.com/advisories/50661 http://www.mandriva.com/security/advisories?name=MDVSA-2012:156 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 94%CPEs: 1EXPL: 0CVE-2004-0045
https://notcve.org/view.php?id=CVE-2004-0045
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code. Desbordamiento de búfer en el código de control del mensaje en INN 2.4.0 puede permitir que atacantes remotos ejecuten código arbitrario. • http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html http://secunia.com/advisories/10578 http://www.kb.cert.org/vuls/id/759020 http://www.securityfocus.com/bid/9382 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.365791 https://exchange.xforce.ibmcloud.com/vulnerabilities/14190 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0526
https://notcve.org/view.php?id=CVE-2002-0526
Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. Vulnerabilidad en inews o rnews en INN 2.2.3 y anteriores, relacionada con llamadas poco seguras a open(). • http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html https://exchange.xforce.ibmcloud.com/vulnerabilities/42803 •