Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SNI-16: INN News Server Security Advisory
From: nmehl () LEFTBANK COM (Nathan J. Mehl)
Date: Mon, 28 Jul 1997 15:01:55 -0400

In the immortal words of Christopher Samuel:

In message <Pine.BSI.3.96.970721144428.9165A-100000 () silence secnet com>,
        "Secure Networks Inc." <sni () SILENCE SECNET COM> writes:

Fix Information

INN version 1.6 has been made availible at ftp://ftp.isc.org/isc/inn.  A
fix will not be made availible for prior releases and it is suggested that
all users running INN upgrade to version 1.6 immediately.

Be aware the the SNI advisory is wrong on two counts here:

1.      There is no "INN 1.6", at least not a released version.  There
        is an early beta test version of 1.6 available on the ISC ftp
        site, but it is rather unstable and not at all a drop-in
        replacement for 1.5.1.  There is an active discussion on the
        news.software.nntp newsgroup about this -- the current consensus
        is that 1.6b1 is not suitable for use in anything but a testing

2.      As of last friday, 25 Jul 97, the ISC has announced that they
        will be making a set of patches for 1.5.1 available.

It would appear that Miquel van Smoorenburg at Cistron has made available
a patch for this bug, it's available from:


I'm just passing this pointer on.

Disclaimer: Caveat emptor, examine the patch yourself and satisfy
            yourself with what it does. All disclaimers apply.
            Don't blame me for it.

Miquel is currently actively discussing his patches on news.software.nntp;
a quick search with DejaNews can provide a great deal of relevant information
on the subject.


The life of a sysadmin is always intense!
Nathan J. Mehl   ---   The LeftBank Operation
nmehl () leftbank com -- http://www.leftbank.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]