|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Security problem in C news and INN
Perry E. Metzger (pmetzger
lehman.com)Thu, 24 Feb 1994 11:15:38 -0500
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Evil Pete: "Re: Security problem in C news and INN"
- Previous message: Casper Dik: "Re: Security problem in C news and INN"
- In reply to: Casper Dik: "Re: Security problem in C news and INN"
- Next in thread: Scott Chasin: "Re: Security problem in C news and INN"
This is bugtraq, not some CERT list. Would someone please explain how this hole works? I run C News, not INN, and I can't feel secure unless I can check the bug on my own. Perry Casper Dik says: > > >Maybe I'm the last person on the planet to realize this..... is it common > >knowledge that there's a *major* security hole in both C news performance > >release, and old versions of INN? > > > >If anyone doesn't know what I'm talking about, then you may want to disable > >newgroup and checkgroups processing from C news (performance release), and > >disable processing of ALL control messages except cancel from INN. Disable > >them <completely>, best with an "exit 0" at the first line of all > >appropriate scripts. Do not attempt to interpret or process these articles > >in any way. Don't do _anything_ with these articles except ignore them. > >This is overkill, but anything more specific would be too much of a > >giveaway. > > If you use INN, you can get inn1.4.sec from ftp.uu.net. > It fixes this problem. > I'm not sure that disabling all control messages except cancel > actually works. > > Casper
- Next message: Evil Pete: "Re: Security problem in C news and INN"
- Previous message: Casper Dik: "Re: Security problem in C news and INN"
- In reply to: Casper Dik: "Re: Security problem in C news and INN"
- Next in thread: Scott Chasin: "Re: Security problem in C news and INN"