mailing list archives
Re: SNI-16: INN News Server Security Advisory
From: nmehl () LEFTBANK COM (Nathan J. Mehl)
Date: Mon, 28 Jul 1997 15:01:55 -0400
In the immortal words of Christopher Samuel:
In message <Pine.BSI.3.96.970721144428.9165A-100000 () silence secnet com>,
"Secure Networks Inc." <sni () SILENCE SECNET COM> writes:
INN version 1.6 has been made availible at ftp://ftp.isc.org/isc/inn. A
fix will not be made availible for prior releases and it is suggested that
all users running INN upgrade to version 1.6 immediately.
Be aware the the SNI advisory is wrong on two counts here:
1. There is no "INN 1.6", at least not a released version. There
is an early beta test version of 1.6 available on the ISC ftp
site, but it is rather unstable and not at all a drop-in
replacement for 1.5.1. There is an active discussion on the
news.software.nntp newsgroup about this -- the current consensus
is that 1.6b1 is not suitable for use in anything but a testing
2. As of last friday, 25 Jul 97, the ISC has announced that they
will be making a set of patches for 1.5.1 available.
It would appear that Miquel van Smoorenburg at Cistron has made available
a patch for this bug, it's available from:
I'm just passing this pointer on.
Disclaimer: Caveat emptor, examine the patch yourself and satisfy
yourself with what it does. All disclaimers apply.
Don't blame me for it.
Miquel is currently actively discussing his patches on news.software.nntp;
a quick search with DejaNews can provide a great deal of relevant information
on the subject.
The life of a sysadmin is always intense!
Nathan J. Mehl --- The LeftBank Operation
nmehl () leftbank com -- http://www.leftbank.com
AIX ping (Exploit) Bryan P. Self (Jul 21)
Re: procmail Philip Guenther (Jul 21)
AIX lchangelv (Exploit) Bryan P. Self (Jul 21)
SNI-16: INN News Server Security Advisory Secure Networks Inc. (Jul 21)
Re: procmail Adam Shostack (Jul 21)
- Re: procmail, (continued)