Home page logo

bugtraq logo Bugtraq mailing list archives

Re: INN1.4sec on Linux
From: barr () math psu edu (Dave Barr)
Date: Mon, 25 Sep 1995 13:48:04 -0400

In message <m0sue0r-00005AC () monad swb de>, Olaf Kirch writes:
there's a problem with INN1.4sec as distributed on sunsite and probably
a number of Linux distributions. Control messages are parsed by shell
scripts, which (at least for some shells) allow remote users to execute
arbitrary commands on your news host.

It should be noted that my INN 1.4unoff2 release includes a fix for
this.  As far as I know, it fixes the problem.

It doesn't include a fix for rnews, however.  I think rnews itself
should clear the environment itself and set the PATH.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]