INN News Server Buffer Overflow Vulnerability

Bugtraq ID:	1443
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 27 1997 12:00AM
Updated:	Jul 27 1997 12:00AM
Credit:	This vulnerability was first reported in a Network Associates advisory on July 21, 1997.
Vulnerable:	ISC INN 1.4 unoff4 ISC INN 1.4 unoff3 ISC INN 1.4 sec2 ISC INN 1.4 sec ISC INN 1.5.1 ISC INN 1.5.0
Not Vulnerable:	ISC INN 2.2.2 ISC INN 2.2.1 - SuSE Linux 6.3 - SuSE Linux 6.2 - SuSE Linux 6.1 alpha - SuSE Linux 6.1 - SuSE Linux 6.0 - SuSE Linux 5.3 ISC INN 2.2 ISC INN 2.1 ISC INN 2.0 ISC INN 1.7.2 ISC INN 1.7

INN News Server Buffer Overflow Vulnerability

INN is a complete system for distributing and viewing Usenet news. Several buffer overflow vulnerabilities exist in INN server components that could allow a remote user to execute arbitrary commands remotely.

INN News Server Buffer Overflow Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

INN News Server Buffer Overflow Vulnerability

Solution:
From the Network Associates Advisory:

INN version 1.6 has been made availible at ftp://ftp.isc.org/isc/inn. A fix will not be made availible for prior releases and it is suggested that all users running INN upgrade to version 1.6 immediately.

INN News Server Buffer Overflow Vulnerability

References:

• Gauntlet Advisory and Patches (COVERT Research Center)