Bugtraq mailing list archives
Re: SNI-16: INN News Server Security Advisory
From: nmehl () LEFTBANK COM (Nathan J. Mehl)
Date: Mon, 28 Jul 1997 15:01:55 -0400
In the immortal words of Christopher Samuel:
In message <Pine.BSI.3.96.970721144428.9165A-100000 () silence secnet com>, "Secure Networks Inc." <sni () SILENCE SECNET COM> writes:
Fix Information ~~~~~~~~~~~~~~~ INN version 1.6 has been made availible at ftp://ftp.isc.org/isc/inn. A fix will not be made availible for prior releases and it is suggested that all users running INN upgrade to version 1.6 immediately.
Be aware the the SNI advisory is wrong on two counts here: 1. There is no "INN 1.6", at least not a released version. There is an early beta test version of 1.6 available on the ISC ftp site, but it is rather unstable and not at all a drop-in replacement for 1.5.1. There is an active discussion on the news.software.nntp newsgroup about this -- the current consensus is that 1.6b1 is not suitable for use in anything but a testing environment. 2. As of last friday, 25 Jul 97, the ISC has announced that they will be making a set of patches for 1.5.1 available.
It would appear that Miquel van Smoorenburg at Cistron has made available a patch for this bug, it's available from:
http://miquels.www.cistron.nl/inn/
I'm just passing this pointer on.
Disclaimer: Caveat emptor, examine the patch yourself and satisfy yourself with what it does. All disclaimers apply. Don't blame me for it.
Miquel is currently actively discussing his patches on news.software.nntp; a quick search with DejaNews can provide a great deal of relevant information on the subject. -n -- The life of a sysadmin is always intense! Nathan J. Mehl --- The LeftBank Operation nmehl () leftbank com -- http://www.leftbank.com
Current thread:
- Re: procmail, (continued)
- Re: procmail Brock Rozen (Jul 21)
- Re: procmail Casper Dik (Jul 21)
- Re: procmail Olaf Kirch (Jul 21)
- Re: procmail Casper Dik (Jul 22)
- AIX ping (Exploit) Bryan P. Self (Jul 20)
- AIX ping, lchangelv, xlock fixes Troy Bollinger (Jul 21)
- Re: procmail Philip Guenther (Jul 20)
- AIX lchangelv (Exploit) Bryan P. Self (Jul 20)
- SNI-16: INN News Server Security Advisory Secure Networks Inc. (Jul 21)
- Re: SNI-16: INN News Server Security Advisory Christopher Samuel (Jul 28)
- Re: SNI-16: INN News Server Security Advisory Nathan J. Mehl (Jul 28)
- Re: SNI-16: INN News Server Security Advisory Christopher Samuel (Jul 28)
- Re: procmail Adam Shostack (Jul 21)