-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        Caldera Systems, Inc.  Security Advisory

Subject:                buffer overflow in inn
Advisory number:        CSSA-2000-016.0
Issue date:             2000 June, 07
Cross reference:
______________________________________________________________________________


1. Problem Description

   There is a buffer overflow in the handling of control articles in some
   configurations of the InterNet News package (INN). This lets malicious
   attackers tailor control messages that might give them access to the
   local 'news' account.

   The sample configuration shipped by us does not enable that option, and
   we recommend that our users disable the configuration option as specified
   in the workaround below, since it is not RFC compliant behaviour.

   Fixed packages will be provided when the INN 2.2.3 bugfix release becomes
   available.


2. Vulnerable Versions

   System                               Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3                previous to inn-2.2.3
   OpenLinux eServer 2.3                previous to inn-2.2.3
   and OpenLinux eBuilder
   OpenLinux eDesktop 2.4               previous to inn-2.2.3


3. Solution

   Workaround:

   1. If you do not use INN, simply remove the package:

          rpm -e inn

   2. In /etc/news/inn.conf replace the line:

          verifycancels: true

      by

          verifycancels: false

      and reload the INN configuration:

          /usr/libexec/inn/bin/ctlinnd reload all 'security fix'


4. OpenLinux Desktop 2.3

   Shipped sample configuration not vulnerable.
   No fixed packages released, see workaround above.


5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   Shipped sample configuration not vulnerable.
   No fixed packages released, see workaround above.


6. OpenLinux eDesktop 2.4

   Shipped sample configuration not vulnerable.
   No fixed packages released, see workaround above.


7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix refers to Caldera's internal Problem Report 6825.


8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.


9. Acknowledgements

   Caldera Systems wishes to thank Michal Zalewski for discovering and
   reporting the bug, and Russ Allbery for providing further explanations
   regarding standard conformance.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5Pj6l18sy83A/qfwRAsNwAKCD13nrE4zfMCPeCViP4x/VFYQ0/gCfY8i7
AHTvNFJaDAypTkMbMGpBVBk=
=UEmy
-----END PGP SIGNATURE-----
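The following shell script is an added example, not part of the Caldera advisory or the INN project. It audits an inn.conf file for the `verifycancels` setting named in the workaround (section 3) and flips it to `false`, so an administrator can verify the state of a host before and after applying the fix. The file path is a parameter so the check can be run on a copy; the function names and the sample inn.conf content are constructed for this example, and the `ctlinnd` reload from the advisory is left as a comment because it only makes sense on a host running INN.

```shell
#!/bin/sh
# Added example (not Caldera's or INN's code): audit and apply the advisory's
# workaround for the verifycancels option in an inn.conf file.
# The real file on Caldera OpenLinux is /etc/news/inn.conf; the path is a
# parameter so the functions can be exercised on a copy first.

# Print the effective value of verifycancels in the given inn.conf.
# Comment lines are ignored; the last uncommented setting wins.
# Prints "unset" when the option does not appear at all.
verifycancels_setting() {
    _conf="$1"
    _val=$(sed -n 's/^[[:space:]]*verifycancels:[[:space:]]*\([A-Za-z]*\).*/\1/p' "$_conf" | tail -n 1)
    if [ -z "$_val" ]; then
        echo "unset"
    else
        echo "$_val" | tr 'A-Z' 'a-z'
    fi
}

# Exit status 0 when the configuration is in the state the advisory warns
# about (verifycancels enabled), 1 otherwise. Useful as a one-line audit.
verifycancels_enabled() {
    [ "$(verifycancels_setting "$1")" = "true" ]
}

# Rewrite 'verifycancels: true' to 'verifycancels: false' in place,
# keeping a backup of the original next to the file.
disable_verifycancels() {
    _conf="$1"
    cp "$_conf" "$_conf.bak" || return 1
    sed 's/^\([[:space:]]*verifycancels:[[:space:]]*\)[Tt][Rr][Uu][Ee]/\1false/' "$_conf.bak" > "$_conf"
}

# Constructed sample inn.conf (not a real Caldera file) to exercise the
# functions offline. The commented-out line must be ignored by the audit.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample inn.conf
organization:   "Example Org (constructed)"
#verifycancels: false
verifycancels:  true
EOF

echo "before: verifycancels=$(verifycancels_setting "$demo_conf")"
if verifycancels_enabled "$demo_conf"; then
    disable_verifycancels "$demo_conf"
    echo "after:  verifycancels=$(verifycancels_setting "$demo_conf")"
    # On a real host, make the running server re-read the file, as in the
    # advisory:
    #   /usr/libexec/inn/bin/ctlinnd reload all 'security fix'
fi
rm -f "$demo_conf" "$demo_conf.bak"
```

To use this against a live system, run `verifycancels_enabled /etc/news/inn.conf` as an audit (exit status 0 means the workaround still needs to be applied), then `disable_verifycancels /etc/news/inn.conf` followed by the `ctlinnd reload` command from the advisory.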