Bugtraq mailing list archives
Security problem in C news and INN
From: an46153 () anon penet fi (Featherlace)
Date: Wed, 23 Feb 1994 14:40:19 UTC
Maybe I'm the last person on the planet to realize this..... is it common knowledge that there's a *major* security hole in both C news performance release, and old versions of INN? If anyone doesn't know what I'm talking about, then you may want to disable newgroup and checkgroups processing from C news (performance release), and disable processing of ALL control messages except cancel from INN. Disable them <completely>, best with an "exit 0" at the first line of all appropriate scripts. Do not attempt to interpret or process these articles in any way. Don't do _anything_ with these articles except ignore them. This is overkill, but anything more specific would be too much of a giveaway. Someone, perhaps me, will post more details about this in a future message. ------------------------------------------To find out more about the anon service, send mail to help () anon penet fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin () anon penet fi.
Current thread:
- syslog/udp Tim Newsham (Feb 20)
- <Possible follow-ups>
- Re: syslog/udp Dave Hayes (Feb 22)
- Re: syslog/udp John Hawkinson (Feb 23)
- Security problem in C news and INN Featherlace (Feb 23)
- Re: Security problem in C news and INN Casper Dik (Feb 24)
- Re: Security problem in C news and INN Perry E. Metzger (Feb 24)
- Re: syslog/udp John Hawkinson (Feb 23)
- Re: syslog/udp scott () santafe edu (Feb 23)
- Re: syslog/udp Tim Newsham (Feb 23)
- Re: syslog/udp Julian Assange (Feb 23)
- daemon() Jim Wright (Feb 24)
- Thanks! Dave Hayes (Feb 23)