A format string vulnerability has been reported in ISC INN (InterNetNews). The issue exists in the innfeed binary and may be triggered by including format specifiers in the argument that specifies a config file on the command line. This could be exploited by an attacker with a group ID of news to execute arbitrary code in the context of the program, which may allow the attacker to gain the user ID of news on some systems. Further privilege escalation may be possible if this issue is successfully exploited.
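The general defect class described above, shown next to its corrected form, as an added example that is not taken from the INN source (the advisory does not show the affected code). The function names `log_msg`, `report_bad_config_unsafe`, `report_bad_config_safe` and `path_has_format_specifier`, and the sample path, are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_msg[256];   /* captures the last logged line for inspection */

/* Hypothetical printf-style logger. Declaring it with GCC/Clang's
 * __attribute__((format(printf, 1, 2))) lets -Wformat-security flag the
 * unsafe call below at compile time. */
void log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
}

/* BEFORE: the command-line path is pasted into a buffer that is then used
 * as the format string, so any '%' sequence in the path is interpreted.
 * Shown for comparison only; never called here (undefined behaviour). */
void report_bad_config_unsafe(const char *path)
{
    char buf[256];
    snprintf(buf, sizeof buf, "cannot open config file %s", path);
    log_msg(buf);
}

/* AFTER: constant format string; the path is only ever data. */
const char *report_bad_config_safe(const char *path)
{
    log_msg("cannot open config file %s", path);
    return last_msg;
}

/* Optional defence in depth: refuse config paths that contain '%'. */
int path_has_format_specifier(const char *path)
{
    return strchr(path, '%') != NULL;
}

int main(void)
{
    const char *arg = "/tmp/%x.%x.conf";   /* constructed sample argument */
    if (path_has_format_specifier(arg))
        fprintf(stderr, "rejecting suspicious config path\n");
    puts(report_bad_config_safe(arg));
    return 0;
}
```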