[5033] in bugtraq


Re: SNI-16: INN News Server Security Advisory

daemon@ATHENA.MIT.EDU (Nathan J. Mehl)
Mon Jul 28 16:00:34 1997

Date: 	Mon, 28 Jul 1997 15:01:55 -0400
Reply-To: "Nathan J. Mehl" <nmehl@LEFTBANK.COM>
From: "Nathan J. Mehl" <nmehl@LEFTBANK.COM>
X-To:         C.Samuel@ERIS.DERA.GOV.UK
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <7412.870108876@cray.eris.dera.gov.uk> from "Christopher Samuel"
              at Jul 28, 97 05:54:36 pm

In the immortal words of Christopher Samuel:

> In message <Pine.BSI.3.96.970721144428.9165A-100000@silence.secnet.com>,
>         "Secure Networks Inc." <sni@SILENCE.SECNET.COM> writes:

> > Fix Information
> > ~~~~~~~~~~~~~~~
> >
> > INN version 1.6 has been made available at ftp://ftp.isc.org/isc/inn.  A
> > fix will not be made available for prior releases and it is suggested that
> > all users running INN upgrade to version 1.6 immediately.

Be aware that the SNI advisory is wrong on two counts here:

1.      There is no "INN 1.6", at least not a released version.  There
        is an early beta test version of 1.6 available on the ISC ftp
        site, but it is rather unstable and not at all a drop-in
        replacement for 1.5.1.  There is an active discussion on the
        news.software.nntp newsgroup about this -- the current consensus
        is that 1.6b1 is not suitable for use in anything but a testing
        environment.

2.      As of last Friday, 25 Jul 97, the ISC has announced that they
        will be making a set of patches for 1.5.1 available.

> It would appear that Miquel van Smoorenburg at Cistron has made available
> a patch for this bug, it's available from:

>                 http://miquels.www.cistron.nl/inn/

> I'm just passing this pointer on.

> Disclaimer: Caveat emptor, examine the patch yourself and satisfy
>             yourself with what it does. All disclaimers apply.
>             Don't blame me for it.

Miquel is currently actively discussing his patches on news.software.nntp;
a quick search with DejaNews can provide a great deal of relevant information
on the subject.

-n

--
The life of a sysadmin is always intense!
Nathan J. Mehl   ---   The LeftBank Operation
nmehl@leftbank.com -- http://www.leftbank.com
