[4187] in bugtraq

INND exploit

daemon@ATHENA.MIT.EDU (Frank 'Scruffy' Miller)
Tue Mar 18 20:20:13 1997

Date: 	Tue, 18 Mar 1997 12:48:11 -0800
Reply-To: Frank 'Scruffy' Miller <frankm@CNA.TEK.COM>
From: Frank 'Scruffy' Miller <frankm@CNA.TEK.COM>
To: BUGTRAQ@NETSPACE.ORG

Just verified ... if you do a 'make update' from a previous
innd (e.g. innd1.4unoff4) to upgrade to 1.5.1 you will still have
your old parsecontrol script. The exploit will still work.

The temporary fix is to copy over the new parsecontrol.

The real fix is a new install of 1.5.1 with the conf files, libs, etc. pushed
on top.

Per tale@uunet.uu.net, utilizing PGP authentication of replacing newgroup or
turning newgroup to drop will not fix this as parsecontrol is called first.

Frank
---
Frank Miller
IS/Technical Computing Group Leader
Tektronix CNA Division
