Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MNews多个缓冲区溢出漏洞
Vulnerability Description
Mnews是一款基于控制台的邮件和新闻客户端,主要设计用于处理日文和英文字符集,一般以setgid mail方式安装。 Mnews对命令行参数和环境变量的缓冲边界缺少正确充分检查,可导致本地攻击者进行缓冲区溢出,提升权限。 Mnews对部分命令选项如'-f'、'-D'、'-M'、'-P'和'-n'的参数数据缺少正确充分的边界缓冲检查,以及对MAILSERVER和JNAMES环境变量参数缺少正确充分的缓冲区边界检查,攻击者可以提供超长字符串作为参数给上述命令行选项或者环境变量,当程序运行时可导致产生缓冲区溢
CVSS Information
N/A
Vulnerability Type
N/A