-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		inn package allows local users to obtain su privilege
Advisory number: 	CSSA-1999:011.0
Issue date: 		1999 May 25
Cross reference: 
______________________________________________________________________________


1. Problem Description

   This vulnerability allows local users to obtain super user
   privilege. In order for an attacker to exploit the vulnerability, INN
   does not have to be configured or even running; all that is required
   for an attack is that it has been installed.

   The INN package contains a program called inndstart (used to start the
   main server program, innd). This program is setuid root. When invoked,
   it obtains its configuration from the file /etc/news/inn.conf.
   The location in the file can be overridden using the INNCONF
   environment variable.


2. Vulnerable Versions

   Systems:     OpenLinux 1.0, 1.1, 1.2, 1.3, 2.2.
   Packages:    previous to inn-2.1-3.i386.rpm
      
3. Solutions

   1.      If you are not using INN, simply remove the
	   package:

	   	rpm -e inn

	   or disable the setuid bit on the ctlinnd binary:

	   	chmod u-s /usr/libexec/inn/ctlinnd

   2.      Upgrade to the fixed RPM provided as upgrade 005				   (for OpenLinux 2.2 only).

		rpm -U inn-2.1-3.i386.rpm

	   This upgrade also fixes several functionality problems
	   (i.e. the package as shipped was at least partially broken).
																							
4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS


5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -q inn && rpm -U inn-2.1-3.i386.rpm

6. Verification

   bcfab2f1f612a1cbc016189fa95ef708  README
   d30fbbd0d136482fde8a191909332376  RPMS/inn-2.1-3.i386.rpm
   d8d947c106a5f8891c0a6e3a48ba1c4a  SRPMS/inn-2.1-3.src.rpm


7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html
  
   Additional documentation on this problem can be found in:
  

   This security fix closes Caldera's internal Problem Report 4576.


8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN0qydun+9R4958LpAQG3cQP/agukdOEFpFnxsOlXE2xlwuuQS5DSsqog
YVaGuPX/Ee0EusGVpak5U1g6iFCj/StNEiqLNEsoAg8n0Fc60YtYbp/UXn05rD17
7PXMGFiqoX9Is+cId2aCZDnoZVa7Cf4LsQbSSsTmibdZixeDA9FngA7Mqp1Owfbz
Hhgr0wz1AGU=
=/W1B
-----END PGP SIGNATURE-----