Bugtraq mailing list archives
INND exploit
From: frankm () CNA TEK COM (Frank 'Scruffy' Miller)
Date: Tue, 18 Mar 1997 12:48:11 -0800
Just verified ... if you do a 'make update' from a previous innd (eg innd1.4unoff4) to upgrade to 1.5.1 you will still have your old parsecontrol script. The exploit will still work. The temporary fix is to copy over the new parsecontrol. The real fix is a newinstall of 1.5.1 with the conf files, lib's, etc pushed on top. Per tale () uunet uu net, utilzing PGP authentification of replacing newgroup or turning newgroup to drop will not fix this as parsecontrol is called first. Frank --- Frank Miller IS/Technical Computing Group Leader Tektronix CNA Division
Current thread:
- INND exploit Frank 'Scruffy' Miller (Mar 18)