From listmaster@locutus.calderasystems.com Thu Sep 2 15:29:23 1999
From: listmaster@locutus.calderasystems.com
Resent-From: mea culpa
To: announce@lists.calderasystems.com
Resent-To: jericho@attrition.org
Date: 2 Sep 1999 21:28:33 -0000
Reply-To: info@calderasystems.com
Subject: Security Advisory 26

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                    Caldera Systems, Inc. Security Advisory

Subject:            buffer overflow in inews
Advisory number:    CSSA-1999:026.0
Issue date:         1999 September
Cross reference:
______________________________________________________________________________

1. Problem Description

   The 'INN' (InterNetNews) package contains the 'inews' binary, which is
   used for injecting news articles into the server.

   ISC, the maintainers of INN, have released a patch for several buffer
   overflows in the passwd field handling and article header parsing
   routines in inews, which allow any local user to gain group 'news'
   access. Since other parts of INN use group-writable files owned by
   group 'news', and given the inherent complexity of INN, a further
   chain of exploits could be used to gain 'news' user access and
   (theoretically) 'root' access.

2. Vulnerable Versions

   Systems : COL 2.2
   Packages: previous to inn-2.2.1-1

3. Solutions

   Workaround:

       chmod 550 /usr/libexec/inn/bin/inews

   Since the 'rnews' binary might also be affected, if you do not use
   UUCP you should do:

       chown news /usr/libexec/inn/rnews
       chgrp news /usr/libexec/inn/rnews
       chmod 500 /usr/libexec/inn/rnews

   The proper solution is to upgrade to the latest packages:

       rpm -U inn-2.2.1-1.i386.rpm

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/

   The corresponding source code package can be found at:

       ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

       rpm -U inn-2.2.1-1.i386.rpm

6. Verification

   0592fc61404120f61ab9cc94d378d501  RPMS/inn-2.2.1-1.i386.rpm
   b392cfbf936e909983468e0709782ca1  SRPMS/inn-2.2.1-1.src.rpm

7. References

   This and other Caldera security resources are located at:

       http://www.calderasystems.com/news/security/index.html

   This security fix closes Caldera's internal Problem Report 5113.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

-----END PGP SIGNATURE-----
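As an added example that is not part of Caldera's advisory, the POSIX shell helpers below check whether the section 3 workaround is actually in place (inews not executable by others; rnews owned by 'news' with group and other bits cleared) and whether a downloaded package matches one of the section 6 MD5 sums. INN_DIR and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Audit helpers for the CSSA-1999:026.0 workaround (added example, not
# Caldera's own script). INN_DIR defaults to the advisory's path; the
# override exists so the checks can be pointed at a scratch directory.
INN_DIR="${INN_DIR:-/usr/libexec/inn}"

# Symbolic mode string of a file, e.g. -r-xr-x---, via portable ls -ld.
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# Owner of a file (third field of ls -ld).
owner_of() { ls -ld "$1" 2>/dev/null | awk '{print $3}'; }

# 0 when the "other" bits (chars 8-10) are cleared, as chmod 550/500 leave them.
others_locked() { case "$(mode_of "$1")" in ???????---) return 0 ;; esac; return 1; }

# 0 when the group bits (chars 5-7) are cleared too, as chmod 500 leaves them.
group_locked() { case "$(mode_of "$1")" in ????---???) return 0 ;; esac; return 1; }

# MD5 of a file, using md5sum where available and openssl otherwise.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then md5sum "$1" 2>/dev/null | cut -d' ' -f1
    else openssl dgst -md5 "$1" 2>/dev/null | awk '{print $NF}'; fi
}

# 0 when FILE's MD5 equals EXPECTED (one of the advisory's section 6 sums).
verify_package() { [ "$(md5_of "$1")" = "$2" ]; }

# Report the workaround state for an INN directory; returns 0 only when
# both binaries are restricted as section 3 describes.
audit_inn() {
    dir=$1; rc=0
    if others_locked "$dir/bin/inews"; then echo "inews: not reachable by others"
    else echo "inews: still executable by others (chmod 550 not applied)"; rc=1; fi
    if group_locked "$dir/rnews" && others_locked "$dir/rnews" \
       && [ "$(owner_of "$dir/rnews")" = news ]; then echo "rnews: restricted to user news"
    else echo "rnews: not restricted to user news (chown/chgrp/chmod 500 not applied)"; rc=1; fi
    return $rc
}

# Run against the real tree when INN is installed; otherwise do nothing.
if [ -d "$INN_DIR" ]; then audit_inn "$INN_DIR" || echo "workaround incomplete"; fi
```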