---

Home Security

Caldera Systems Security Advisory: buffer overflow in inews

By

Caldera Systems, Inc. Security Advisory

Subject: buffer overflow in inews
Advisory number: CSSA-2000-005.0
Issue date: 2000 March, 7
Cross reference: CSSA-1999-026.0

1. Problem Description

This advisory is a re-release of CSSA-1999-026.0, additionally
covering the OpenLinux eServer platform. Users of the OpenLinux 2.3
Desktop product do not need to take additional actions if you have
already upgraded to the inn package as update 016.

The ‘INN’ (InterNetNews) package contains the ‘inews’ binary,
which is used for injecting news articles into the server. ISC, the
maintainers of INN, have release a patch for several buffer
overflows in the passwd field handling and article header parsing
routines in inews, which allows any local user to gain group ‘news’
access.

Since other parts of INN use group writeable files with ‘news’
permissions and due to inherent complexity of INN a further chain
of exploits could be used to gain ‘news’ user access and
(theoretically) ‘root’ access.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
                                inn-2.2.1-1
                                (see update 016)

   OpenLinux eServer 2.3        All packages previous to
                                inn-2.2.2-2

3. Solution

Workaround:

chmod 550 /usr/libexec/inn/bin/inews

Since the ‘rnews’ binary might also be affected, if you do not
use UUCP you should do:

chown news /usr/libexec/inn/rnews chgrp news
/usr/libexec/inn/rnews chmod 500 /usr/libexec/inn/rnews

The proper solution is to upgrade to the fixed packages

rpm -U inn-2.2.1-1.i386.rpm

4. OpenLinux Desktop 2.3

Fixed packages released with update 016

5. OpenLinux eServer 2.3

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/eServer/updates/2.3/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderaystems.com/pub/eServer/updates/2.3/current/SRPMS

5.2 Verification

       e7cbfb0fbe8e589b78bc75c621a9c2ba  RPMS/inn-2.2.2-2.i386.rpm
       d6f11e575bf268920d24faba9fdc62fe  SRPMS/inn-2.2.2-2.src.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -F inn-2.2.2-2.i386.rpm

6. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

7. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.

Complete Story
Previous article
Next article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.