PT-2002-1919 · Mnews · Mnews

Published: 2002-08-31 · Updated: 2016-10-18 · CVE-2002-0909

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: mnews versions 1.22 and earlier
Description: The issue allows for multiple buffer overflows, which can be exploited by a remote NNTP server to execute arbitrary code via long responses. Local users can also gain privileges through various means, including long command line arguments for options (1) -f, (2) -n, (3) -D, (4) -M, or (5) -P, or via long environment variables (6) JNAMES or (7) MAILSERVER.
Recommendations: For mnews versions 1.22 and earlier, consider updating to a version later than 1.22 to resolve the issue. As a temporary workaround, consider restricting the use of options -f, -n, -D, -M, and -P, and limiting the length of environment variables JNAMES and MAILSERVER to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2002-0909

Affected Products

Mnews