-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                    Caldera Systems, Inc. Security Advisory

Subject:                buffer overflow in inews
Advisory number:        CSSA-2000-005.0
Issue date:             2000 March, 7
Cross reference:        CSSA-1999-026.0
______________________________________________________________________________


1. Problem Description

   This advisory is a re-release of CSSA-1999-026.0, additionally
   covering the OpenLinux eServer platform. Users of the OpenLinux 2.3
   Desktop product do not need to take additional action if they have
   already upgraded to the inn package shipped as update 016.

   The 'INN' (InterNetNews) package contains the 'inews' binary, which
   is used for injecting news articles into the server. ISC, the
   maintainers of INN, have released a patch for several buffer
   overflows in the passwd field handling and article header parsing
   routines in inews, which allow any local user to gain group 'news'
   access.

   Since other parts of INN use group-writeable files with 'news'
   permissions, and due to the inherent complexity of INN, a further
   chain of exploits could be used to gain 'news' user access and
   (theoretically) 'root' access.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to inn-2.2.1-1
                                (see update 016)
   OpenLinux eServer 2.3        All packages previous to inn-2.2.2-2


3. Solution

   Workaround:

        chmod 550 /usr/libexec/inn/bin/inews

   Since the 'rnews' binary might also be affected, if you do not use
   UUCP you should do:

        chown news /usr/libexec/inn/rnews
        chgrp news /usr/libexec/inn/rnews
        chmod 500 /usr/libexec/inn/rnews

   The proper solution is to upgrade to the fixed packages:

        rpm -U inn-2.2.1-1.i386.rpm


4. OpenLinux Desktop 2.3

   Fixed packages released with update 016.


5. OpenLinux eServer 2.3

   5.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

        ftp://ftp.calderasystems.com/pub/eServer/updates/2.3/current/RPMS/

   The corresponding source code package can be found at:

        ftp://ftp.calderaystems.com/pub/eServer/updates/2.3/current/SRPMS

   5.2 Verification

        e7cbfb0fbe8e589b78bc75c621a9c2ba  RPMS/inn-2.2.2-2.i386.rpm
        d6f11e575bf268920d24faba9fdc62fe  SRPMS/inn-2.2.2-2.src.rpm

   5.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

        rpm -F inn-2.2.2-2.i386.rpm


6. References

   This and other Caldera security resources are located at:

        http://www.calderasystems.com/support/security/index.html


7. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBOMUWien+9R4958LpAQF8UAP9HpWLyJa61PrXFGrQvbJx1TgLijmmUAZc
uKA0pDSTjoJGZ/vCurFAXFHg/6slmiUzfXpu4yYxmA8cOMfCMwhbCSEfSc/BaJAq
/KFLmBOoa9McqS515Ddm0vP299Zo1kuDVmZbkbPaYrDvVMvUz8tgYpFdLQNWz5cm
9f6VGjXE7oo=
=vkIV
-----END PGP SIGNATURE-----
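The following script is an added example and not part of the Caldera advisory. It ties together the two administrator checks the advisory asks for: comparing downloaded packages against the MD5 sums published in section 5.2, and confirming that the section 3 workaround (removing world execute permission from inews, and from rnews where UUCP is unused) actually took effect on the installed binaries. It assumes the RPMs sit in the current directory, that md5sum is on the PATH, and that the install paths are the ones named in the advisory; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): verify package checksums and the
# inews/rnews permission workaround described in CSSA-2000-005.0.

# MD5 sums copied from section 5.2 of the advisory.
INN_RPM_MD5="e7cbfb0fbe8e589b78bc75c621a9c2ba"
INN_SRPM_MD5="d6f11e575bf268920d24faba9fdc62fe"

# Install paths named in section 3 of the advisory.
INEWS_PATH="/usr/libexec/inn/bin/inews"
RNEWS_PATH="/usr/libexec/inn/rnews"

# md5_of FILE: print the hex MD5 digest of FILE (md5sum assumed available).
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# verify_md5 EXPECTED FILE: return 0 only when FILE's digest equals EXPECTED.
verify_md5() {
    [ "$(md5_of "$2")" = "$1" ]
}

# world_exec_bit FILE: print the "others execute" character from ls -ld
# (column 10 of the mode string: "x" or "t" when set, "-" when clear).
world_exec_bit() {
    ls -ld "$1" | cut -c10
}

# workaround_applied FILE: return 0 when FILE is not executable by others,
# which is what "chmod 550" / "chmod 500" from the advisory produce.
workaround_applied() {
    case "$(world_exec_bit "$1")" in
        x|t) return 1 ;;
        *)   return 0 ;;
    esac
}

# check_package EXPECTED FILE: print one status line per package.
check_package() {
    if [ ! -f "$2" ]; then
        echo "MISSING  $2"
    elif verify_md5 "$1" "$2"; then
        echo "OK       $2"
    else
        echo "MISMATCH $2 (do not install; re-download from the FTP site)"
    fi
}

# check_binary FILE: print whether the permission workaround is in place.
check_binary() {
    if [ ! -e "$1" ]; then
        echo "ABSENT   $1"
    elif workaround_applied "$1"; then
        echo "OK       $1 is not world-executable"
    else
        echo "EXPOSED  $1 is still world-executable"
    fi
}

# Report status for the files named in the advisory (files may be absent
# on a machine that is not an OpenLinux eServer 2.3 news host).
check_package "$INN_RPM_MD5"  "inn-2.2.2-2.i386.rpm"
check_package "$INN_SRPM_MD5" "inn-2.2.2-2.src.rpm"
check_binary  "$INEWS_PATH"
check_binary  "$RNEWS_PATH"
```

Run it from the directory holding the downloaded RPMs; a MISMATCH line means the package should not be passed to rpm -F, and an EXPOSED line means the chmod from section 3 has not been applied (or was undone by a later package install).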