INN 2.0 Root Exploit Found in Red Hat 6.0

From notting@redhat.com Fri May 21 22:20:33 1999
Date: Fri, 21 May 1999 15:55:25 -0400
From: Bill Nottingham 
Reply-To: redhat-watch-list@redhat.com
To: redhat-watch-list@redhat.com
Subject: [SECURITY] new inn RPMS available
Resent-Date: 21 May 1999 21:14:49 -0000
Resent-From: redhat-watch-list@redhat.com
Resent-cc: recipient list not shown: ;

Security problems have been found with the version of INN that shipped
with Red Hat Linux 6.0.  By editing the inn.conf file, or changing the
INNCONF environment variable, the 'news' user could execute arbitrary
code as root. Thanks to the users of BUGTRAQ for noting this problem.
It is recommended that users of INN under Red Hat Linux 6.0 upgrade
to the new packages.

This vulnerability does not affect the INN that shipped in previous
versions of Red Hat Linux.

Red Hat Linux 6.0:
==================

alpha:
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/inn-2.2-9.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/inn-devel-2.2-9.alpha.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/alpha/inews-2.2-9.alpha.rpm

i386:
rpm -Uvh ftp://updates.redhat.com/6.0/i386/inn-2.2-9.i386.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/i386/inn-devel-2.2-9.i386.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/i386/inews-2.2-9.i386.rpm

sparc:
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/inn-2.2-9.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/inn-devel-2.2-9.sparc.rpm
rpm -Uvh ftp://updates.redhat.com/6.0/sparc/inews-2.2-9.sparc.rpm

Source rpm:
rpm -Uvh ftp://updates.redhat.com/6.0/SRPMS/inn-2.2-9.src.rpm


-- 
         To unsubscribe: mail redhat-watch-list-request@redhat.com with 
                       "unsubscribe" as the Subject.