exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Sep 23, 1999


SHA-256 | c1dd787cd019195b4a30b1cc6672357c1956d225b48a08a364e5a9480a40c94f


Change Mirror Download

Subject: Caldera Security Advisory SA-1997.18: Vulnerability in INN server

Caldera Security Advisory SA-1997.18
Original report date: 21-Jul-1997
RPM build date: 03-Sep-1997
Advisory issue date: 18-Sep-1997

Topic: Vulnerability in INN server

I. Problem Description

A vulnerability exists within INN (InterNet News) affecting
all INN versions prior to inn-1.5.1-8. Arbitrary individuals
having acess to a shell on a machine using INN as the news
server can cause a buffer overflow and produce a priviledged shell
on the vulnerable machine.

II. Impact

On systems such as Caldera OpenLinux 1.1, an underprivileged user can
obtain privleges on a machine using INN as the news server.

This problem was present on the following OpenLinux releases:

Lite 1.1
Base 1.1
Standard 1.1

To determine if you are affected and need this update you may do the

"rpm -qa | grep inn" or "rpm -q inn".

If the results show a version of INN prior to inn-1.5.1-8 then you will
need to update.

III. Solution
The proper solution is to update to the new 1.5.1-8 package that
contains the fixed versions of the INN news server. They are
located on Caldera's FTP server (ftp.caldera.com):

/pub/openlinux/updates/1.1/current/RPMS/ for the binaries.
/pub/openlinux/updates/1.1/current/SRPMS/ for the sources.

The installation of the new package is as follows:

1) Check to see if INN server is currently running.
ps -eax | grep innd
If ps shows inn running, stop "innd" by running:
/etc/rc.d/init.d/news stop

2) Update to the new package by using the following command.
rpm -U RPMS/inn-1.5.1-8.i386.rpm

3) If the INN server was previously running, check the file
/etc/sysconfig/daemons/news for the following:
If the file has onboot=no, the innd daemon will not start with the
next set of instructions.

4) If INN server: "innd" was previously running, it is now time to
restart "innd" by running:
/etc/rc.d/init.d/news start

You will see the following message displayed:

Starting the INND system: starting innd

The MD5 checksum (from the "md5sum" command) for this package is:

5f4adf79ef9a27016d17283269aecc46 RPMS/inn-1.5.1-8.i386.rpm
4abba637341bedebea36b4bed20e5a08 SRPMS/inn-1.5.1-8.src.rpm

IV. References / Credits

This and other Caldera security resources are located at:


This advisory is based on the Security Advisory dated July 21, 1997
from Secure Networks Inc. For more information see:

http://www.secnet.com/nav1.html INN link.

V. PGP Signature

This message was signed with the PGP key for <security@caldera.com>.

This key can be obtained from:

Or on an OpenLinux CDROM under:

$Id: SA-1997.18,v 1.1 1997/09/18 17:43:39 ron Exp $

Version: 2.6.2

Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By