Bugtraq mailing list archives
Re: INN1.4sec on Linux
From: barr () math psu edu (Dave Barr)
Date: Mon, 25 Sep 1995 13:48:04 -0400
In message <m0sue0r-00005AC () monad swb de>, Olaf Kirch writes:
there's a problem with INN1.4sec as distributed on sunsite and probably a number of Linux distributions. Control messages are parsed by shell scripts, which (at least for some shells) allow remote users to execute arbitrary commands on your news host.
It should be noted that my INN 1.4unoff2 release includes a fix for this. As far as I know, it fixes the problem. It doesn't include a fix for rnews, however. I think rnews itself should clear the environment itself and set the PATH. --Dave
Current thread:
- load.root (loadmodule hole) der Mouse (Sep 15)
- Re: load.root (loadmodule hole) Urban (Sep 15)
- Re: load.root (loadmodule hole) Fred Blonder (Sep 15)
- Re: load.root (loadmodule hole) Pat The Friendly RedNeck (Sep 15)
- Re: load.root (loadmodule hole) Urban (Sep 18)
- INN1.4sec on Linux Olaf Kirch (Sep 18)
- Re: INN1.4sec on Linux Dave Barr (Sep 25)
- Re: load.root (loadmodule hole) Fred Blonder (Sep 15)
- <Possible follow-ups>
- Re: load.root (loadmodule hole) Brad Powell (Sep 15)
- Re: load.root (loadmodule hole) Karl Strickland (Sep 17)
- Re: load.root (loadmodule hole) Casper Dik (Sep 26)
- Re: load.root (loadmodule hole) Brad Powell (Sep 16)
- Re: load.root (loadmodule hole) Dave Mitchell (Sep 18)
- Re: load.root (loadmodule hole) Urban (Sep 15)