INND exploit

[frankm () CNA TEK COM (Frank 'Scruffy' Miller)]

Just verified ... if you do a 'make update' from a previous
innd (eg innd1.4unoff4) to upgrade to 1.5.1 you will still have
your old parsecontrol script. The exploit will still work.

The temporary fix is to copy over the new parsecontrol.

The real fix is a newinstall of 1.5.1 with the conf files, lib's, etc pushed
on top.

Per tale () uunet uu net, utilzing PGP authentification of replacing newgroup or
turning newgroup to drop will not fix this as parsecontrol is called first.

Frank
---
Frank Miller
IS/Technical Computing Group Leader
Tektronix CNA Division