Bug 64571 (CVE-2004-1316) - VUL-0: CVE-2004-1316: buffer overflow in NNTP handling in Mozilla <= 1.7.3
Summary: VUL-0: CVE-2004-1316: buffer overflow in NNTP handling in Mozilla <= 1.7.3
Status: RESOLVED FIXED
Alias: CVE-2004-1316
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium; Severity: Major
Target Milestone: ---
Assignee: Wolfgang Rosenauer
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2004-1316: CVSS v2 Base Score: 5....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-03 23:52 UTC by Marcus Meissner
Modified: 2021-11-05 16:16 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2005-01-03 23:52:27 UTC
From: http://www.mozillazine.org/talkback.html?article=5844 
 
NNTP Security Flaw in Mozilla 1.7.3 and Below 
 
 
Friday December 31st, 2004 
 
 
Jonik writes: "A security vulnerability has been found that affects Mozilla
1.7.3 and earlier versions. Apparently there is a flaw in the NNTP handling
code which may cause a heap overflow and allow a remote attacker to execute
arbitrary code." All the latest Mozilla versions are immune, but there also
appears to be some dispute as to whether this vulnerability was ever
practically exploitable in the first place.
Comment 1 Marcus Meissner 2005-01-03 23:52:27 UTC
n/a
Comment 2 Marcus Meissner 2005-01-03 23:54:09 UTC
https://bugzilla.mozilla.org/show_bug.cgi?id=264388 
 
no CAN assigned yet I think. 
Comment 3 Wolfgang Rosenauer 2005-01-04 16:24:13 UTC
working on it...
Comment 4 Wolfgang Rosenauer 2005-01-11 17:07:25 UTC
submitted for all mozillas and thunderbirds.
Comment 5 Ludwig Nussel 2005-01-14 20:11:49 UTC
CAN-2004-1316 
Comment 6 Thomas Biege 2009-10-13 20:09:58 UTC
CVE-2004-1316: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)