Vulnerability found in cgi DNEWSWEB used for reading news groups from web. Its possible to overflow stack and read any file from remote host with web server rights. All versions and for all OSes exploitable. Example of reading file /etc/passwd for Linux included. Fixed in dnews 5.4c1, available here.
80c493b4fa962aa14ae596c3448a43d15955031505446513fe804663d836d3de