![[LWN Logo]](/images/lwn.banner.gif)
Date: Wed, 7 Jun 2000 11:38:45 -0600
From: Technical Support <support@phoenix.calderasystems.com>
To: announce@lists.calderasystems.com
Subject: Security Advisory: buffer overflow in inn
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: buffer overflow in inn
Advisory number: CSSA-2000-016.0
Issue date: 2000 June, 07
Cross reference:
______________________________________________________________________________
1. Problem Description
There is a buffer overflow in the handling of control articles in
some configurations of the InterNet News package (INN).
This lets malicious attackers tailor control message that might
give them access to the local 'news' account.
The sample configuration shipped by us does not enable that option,
and we recommend our users to disable the configuration option as
specified in the workaround below, since it is not RFC compliant
behaviour.
Fixed packages will be provided when the INN 2.2.3 bugfix release
becomes available.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux Desktop 2.3 previous to inn-2.2.3
OpenLinux eServer 2.3 previous to inn-2.2.3
and OpenLinux eBuilder
OpenLinux eDesktop 2.4 previous to inn-2.2.3
3. Solution
Workaround:
1. If you do not use INN, simply remove the package:
rpm -e inn
2. In /etc/news/inn.conf replace the line:
verifycancels: true
by
verifycancels: false
and reload the INN configuration:
/usr/libexec/inn/bin/ctlinnd reload all 'security fix'
4. OpenLinux Desktop 2.3
Shipped sample configuration not vulnerable.
No fixed packages released, see workaround above.
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
Shipped sample configuration not vulnerable.
No fixed packages released, see workaround above
6. OpenLinux eDesktop 2.4
Shipped sample configuration not vulnerable.
No fixed packages released, see workaround above.
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix refers to Caldera's internal Problem Report 6825.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
9. Acknowledgements
Caldera Systems wishes to thank Michal Zalewski for discovering
and reporting the bug, and Russ Allbery for providing further
explanations regarding standard conformance.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5Pj6l18sy83A/qfwRAsNwAKCD13nrE4zfMCPeCViP4x/VFYQ0/gCfY8i7
AHTvNFJaDAypTkMbMGpBVBk=
=UEmy
-----END PGP SIGNATURE-----