[15231] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: innd 2.2.2 remote buffer overflow

daemon@ATHENA.MIT.EDU (Forrest J. Cavalier III)
Tue Jun 6 18:29:19 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id:  <200006062057.e56Kvxc03985@bean.epix.net>
Date:         Tue, 6 Jun 2000 16:54:52 -0500
Reply-To: forrest@mibsoftware.com
From: "Forrest J. Cavalier III" <mibsoft@EPIX.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Michal Zalewski <lcamtuf@TPI.PL> wrote:

> Newest innd 2.2.2, probably the most popular usenet news server (as well
> as previous versions) contain remotely exploitable, trivial on-stack
> buffer overflow in control articles handler.

INN 1.7.x and earlier is not affected by this.  The vulnerable code appeared
in the 2.x branch.

Forrest J. Cavalier III, INN customization and consulting
        http://www.mibsoftware.com/innsup.htm
Newsrate Usenet Server monitoring measures what you get.
        http://www.mibsoftware.com/userkt/newsrate/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[15231] in bugtraq

Re: innd 2.2.2 remote buffer overflow

daemon@ATHENA.MIT.EDU (Forrest J. Cavalier III)Tue Jun 6 18:29:19 2000

daemon@ATHENA.MIT.EDU (Forrest J. Cavalier III)
Tue Jun 6 18:29:19 2000