SA-1997.18.txt
-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory SA-1997.18: Vulnerability in INN server
Caldera Security Advisory SA-1997.18
Original report date: 21-Jul-1997
RPM build date: 03-Sep-1997
Advisory issue date: 18-Sep-1997
Topic: Vulnerability in INN server
I. Problem Description
A vulnerability exists within INN (InterNet News) affecting
all INN versions prior to inn-1.5.1-8. Arbitrary individuals
having access to a shell on a machine using INN as the news
server can cause a buffer overflow and produce a privileged shell
on the vulnerable machine.
II. Impact
On systems such as Caldera OpenLinux 1.1, an unprivileged user can
obtain privileges on a machine using INN as the news server.
This problem was present on the following OpenLinux releases:
Lite 1.1
Base 1.1
Standard 1.1
To determine if you are affected and need this update you may do the
following:
"rpm -qa | grep inn" or "rpm -q inn".
If the results show a version of INN prior to inn-1.5.1-8 then you will
need to update.
III. Solution
The proper solution is to update to the new 1.5.1-8 package, which
contains the fixed version of the INN news server. The packages are
located on Caldera's FTP server (ftp.caldera.com):
/pub/openlinux/updates/1.1/current/RPMS/ for the binaries.
/pub/openlinux/updates/1.1/current/SRPMS/ for the sources.
The installation of the new package is as follows:
1) Check to see if the INN server is currently running:
       ps -eax | grep innd
   If ps shows INN running, stop "innd" by running:
       /etc/rc.d/init.d/news stop
2) Update to the new package by using the following command:
       rpm -U RPMS/inn-1.5.1-8.i386.rpm
3) If the INN server was previously running, check the file
   /etc/sysconfig/daemons/news for the following:
       onboot=yes
   If the file has onboot=no, the innd daemon will not start with the
   next set of instructions.
4) If the INN server ("innd") was previously running, it is now time to
   restart "innd" by running:
       /etc/rc.d/init.d/news start
   You will see the following message displayed:
       Starting the INND system: starting innd
The MD5 checksums (from the "md5sum" command) for these packages are:
5f4adf79ef9a27016d17283269aecc46 RPMS/inn-1.5.1-8.i386.rpm
4abba637341bedebea36b4bed20e5a08 SRPMS/inn-1.5.1-8.src.rpm
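The version check from section II and the checksum check above can be scripted as follows. This is an added example, not part of Caldera's advisory: the function names are hypothetical, the comparison handles only purely numeric version and release fields (anything else is reported as "unknown"), and the sample package strings are constructed.

```shell
#!/bin/sh
# Added example, not Caldera's code. Values marked "from the advisory" are
# copied from SA-1997.18; everything else is an assumption of this sketch.
FIXED_VER="1.5.1"; FIXED_REL="8"               # first fixed build (from the advisory)
FIXED_MD5="5f4adf79ef9a27016d17283269aecc46"   # inn-1.5.1-8.i386.rpm (from the advisory)

# cmp_dotted A B: print lt, eq or gt for dotted numeric strings (missing fields = 0).
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && { echo lt; return; }
        [ "${x:-0}" -gt "${y:-0}" ] && { echo gt; return; }
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo eq
}

# inn_status PKG: classify one line of "rpm -q inn" output as vulnerable or fixed.
# Anything that is not inn-<numeric version>-<numeric release> is "unknown",
# so odd strings get a manual look instead of a wrong answer.
inn_status() {
    vr=${1#inn-}
    case $vr in *-*) ;; *) echo unknown; return ;; esac
    ver=${vr%-*}; rel=${vr##*-}
    for f in "$ver" "$rel"; do
        case $f in ''|*[!0-9.]*) echo unknown; return ;; esac
    done
    case $(cmp_dotted "$ver" "$FIXED_VER") in
        lt) echo vulnerable ;;
        gt) echo fixed ;;
        eq) [ "$(cmp_dotted "$rel" "$FIXED_REL")" = lt ] && echo vulnerable || echo fixed ;;
    esac
}

# md5_matches FILE EXPECTED: succeed only if FILE is readable and its MD5 equals EXPECTED.
md5_matches() {
    [ -r "$1" ] || return 1
    [ "$(md5sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# Constructed sample "rpm -q inn" outputs (not from a real system).
for pkg in inn-1.5.1-7 inn-1.5.1-8 inn-1.5-9 "package inn is not installed"; do
    printf '%-30s %s\n' "$pkg" "$(inn_status "$pkg")"
done
# On a real host: inn_status "$(rpm -q inn)"; md5_matches RPMS/inn-1.5.1-8.i386.rpm "$FIXED_MD5"
```

The checksum is only as trustworthy as the copy of the advisory it was read from, so verify the advisory's PGP signature before relying on it.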
IV. References / Credits
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
This advisory is based on the Security Advisory dated July 21, 1997
from Secure Networks Inc. For more information see:
http://www.secnet.com/nav1.html INN link.
V. PGP Signature
This message was signed with the PGP key for <security@caldera.com>.
This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/
Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/
$Id: SA-1997.18,v 1.1 1997/09/18 17:43:39 ron Exp $