-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		buffer overflow in inews
Advisory number: 	CSSA-1999:026.0
Issue date: 		1999 September, 3
Last revised:           1999 September, 6
Cross reference:
______________________________________________________________________________


1. Problem Description

   The 'INN' (InterNetNews) package contains the 'inews' binary, 
   which is used for injecting news articles into the server. 
   ISC, the maintainers of INN, have release a patch for several 
   buffer overflows in the passwd field handling and article header 
   parsing routines in inews, which allows any local user to gain 
   group 'news' access. 
   Since other parts of INN use group writeable files with 'news'          
   permissions and due to inherent complexity of INN a further 
   chain of exploits could be used to gain 'news' user access 
   and (theoretically) 'root' access.     


2. Vulnerable Versions

   Systems : COL 2.2, COL 2.3
   Packages: previous to inn-2.2.1-1

3. Solutions

   Workaround:

	chmod 550 /usr/libexec/inn/bin/inews                                    
                                                                                
        Since the 'rnews' binary might also be affected, if you do not use      
        UUCP you should do:                                                     
        
        chown news /usr/libexec/inn/rnews                               
        chgrp news /usr/libexec/inn/rnews                               
        chmod 500  /usr/libexec/inn/rnews                               
                                                                                
   The proper solution is to upgrade to the latest packages

	rpm -U inn-2.2.1-1.i386.rpm
	
4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS


5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

        rpm -U inn-2.2.1-1.i386.rpm
	
6. Verification

   0592fc61404120f61ab9cc94d378d501  RPMS/inn-2.2.1-1.i386.rpm
   b392cfbf936e909983468e0709782ca1  SRPMS/inn-2.2.1-1.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html

   This security fix closes Caldera's internal Problem Report 5113

8. Disclaimer
   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN9PPL+n+9R4958LpAQE2AwP8DMpjz6yMAfmZ44mwuYnEvpfrMkK0e9wJ
egpuQZ2eEV0QqUJySe6HhF4CIfwT9hFH96YaPzv82ubBFeL6Pg+EIdSOMSCOdvv6
INAf9EiqgssTQeUj5VORECaIDw/u+sG1uupMF6EuEl8GSHI5NVKIJdp0Fw7cfuLZ
1lycxYGWaj4=
=hGAx
-----END PGP SIGNATURE-----