Caldera Systems Security Advisory: buffer overflow in inewsMar 15, 2000, 01:38 (0 Talkback[s])
Caldera Systems, Inc. Security Advisory
Subject: buffer overflow in inews
1. Problem Description
This advisory is a re-release of CSSA-1999-026.0, additionally covering the OpenLinux eServer platform. Users of the OpenLinux 2.3 Desktop product do not need to take additional actions if you have already upgraded to the inn package as update 016.
The 'INN' (InterNetNews) package contains the 'inews' binary, which is used for injecting news articles into the server. ISC, the maintainers of INN, have release a patch for several buffer overflows in the passwd field handling and article header parsing routines in inews, which allows any local user to gain group 'news' access.
Since other parts of INN use group writeable files with 'news' permissions and due to inherent complexity of INN a further chain of exploits could be used to gain 'news' user access and (theoretically) 'root' access.
2. Vulnerable Versions
System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 All packages previous to inn-2.2.1-1 (see update 016) OpenLinux eServer 2.3 All packages previous to inn-2.2.2-23. Solution
chmod 550 /usr/libexec/inn/bin/inewsThe proper solution is to upgrade to the fixed packages
Since the 'rnews' binary might also be affected, if you do not use UUCP you should do:
chown news /usr/libexec/inn/rnews chgrp news /usr/libexec/inn/rnews chmod 500 /usr/libexec/inn/rnews
rpm -U inn-2.2.1-1.i386.rpm4. OpenLinux Desktop 2.3
Fixed packages released with update 016
5. OpenLinux eServer 2.3
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
The corresponding source code package can be found at:
e7cbfb0fbe8e589b78bc75c621a9c2ba RPMS/inn-2.2.2-2.i386.rpm d6f11e575bf268920d24faba9fdc62fe SRPMS/inn-2.2.2-2.src.rpm5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F inn-2.2.2-2.i386.rpm6. References
This and other Caldera security resources are located at:
Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.