Mozilla < 1.7.5 Network News Transport Protocol Remote Heap Overflow

high Log Correlation Engine Plugin ID 801363

Synopsis

The remote host is vulnerable to a heap overflow.

Description

The remote host is using Mozilla.
The remote version of this software is vulnerable to a heap overflow against its NNTP functionality. This may allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to set up a rogue website and lure a victim on the remote host into visiting it.

Solution

Upgrade to Mozilla 1.7.5 or higher.

See Also

http://.mozilla.org/security/announce/mfsa2005-06.html

Plugin Details

Severity: High

ID: 801363

Family: Web Clients

Nessus ID: 16085

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.7

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:C

Reference Information

CVE: CVE-2004-1316, CVE-2005-0141, CVE-2005-0143, CVE-2005-0144, CVE-2005-0145, CVE-2005-0146, CVE-2005-0147, CVE-2005-0148, CVE-2005-0149, CVE-2005-0150

BID: 12131, 12407