-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.18: Vulnerability in INN server

Caldera Security Advisory SA-1997.18
Original report date:  21-Jul-1997
RPM build date:        03-Sep-1997
Advisory issue date:   18-Sep-1997

Topic: Vulnerability in INN server

I. Problem Description

	A vulnerability exists within INN (InterNet News) affecting
	all INN versions prior to inn-1.5.1-8. Arbitrary individuals
	having acess to a shell on a machine using INN as the news
	server can cause a buffer overflow and produce a priviledged shell
	on the vulnerable machine.

II. Impact

	On systems such as Caldera OpenLinux 1.1, an underprivileged user can
	obtain privleges on a machine using INN as the news server.

	This problem was present on the following OpenLinux releases:

		Lite 1.1
		Base 1.1
		Standard 1.1
        
	To determine if you are affected and need this update you may do the
	following:

		"rpm -qa | grep inn" or "rpm -q inn".

	If the results show a version of INN prior to inn-1.5.1-8 then you will
	need to update.

III. Solution
	The proper solution is to update to the new 1.5.1-8 package that
	contains the fixed versions of the INN news server.  They are
	located on Caldera's FTP server (ftp.caldera.com):

	/pub/openlinux/updates/1.1/current/RPMS/ for the binaries.
	/pub/openlinux/updates/1.1/current/SRPMS/ for the sources.

	The installation of the new package is as follows:

	1) Check to see if INN server is currently running.
	   ps -eax | grep innd
		If ps shows inn running, stop "innd" by running:
		/etc/rc.d/init.d/news stop

	2) Update to the new package by using the following command.
	   rpm -U RPMS/inn-1.5.1-8.i386.rpm

	3) If the INN server was previously running, check the file 
	   /etc/sysconfig/daemons/news for the following:
		onboot=yes
	  If the file has onboot=no, the innd daemon will not start with the
	  next set of instructions.	        

	4) If INN server: "innd" was previously running, it is now time to
	restart "innd" by running:
	/etc/rc.d/init.d/news start

	You will see the following message displayed:

		Starting the INND system: starting innd

	The MD5 checksum (from the "md5sum" command) for this package is:

	5f4adf79ef9a27016d17283269aecc46  RPMS/inn-1.5.1-8.i386.rpm
	4abba637341bedebea36b4bed20e5a08  SRPMS/inn-1.5.1-8.src.rpm

IV. References / Credits

	This and other Caldera security resources are located at:

		http://www.caldera.com/tech-ref/security/

	This advisory is based on the Security Advisory dated July 21, 1997
	from Secure Networks Inc.  For more information see:

		http://www.secnet.com/nav1.html INN link.

V. PGP Signature

	This message was signed with the PGP key for <security@caldera.com>.

	This key can be obtained from:
		ftp://ftp.caldera.com/pub/pgp-keys/

	Or on an OpenLinux CDROM under:
		/OpenLinux/pgp-keys/

	$Id: SA-1997.18,v 1.1 1997/09/18 17:43:39 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNCFoY+n+9R4958LpAQFoxgP/fUDJG9ZA4WimZVJd3Zpdcn/Ot7YWJOcG
MvHbrjj8VpThtog0uY3/XXcnPRDZzjnzUuJWOkqf3S4MJ9XM+6bPUxjC7N4JzjvX
theeqHw/zC6/pqB7SX6Hih8ib3riKe99z7uduJrkbHP5/59DBEFDR39obxaoQnoK
Z9ynHqLKzQ0=
=V5RD
-----END PGP SIGNATURE-----