Security Information / Security Advisories from late '97 and early '98 / Security Information -- parse-control

Debian Security Advisory

parse-control -- INN 1.5 parsecontrol

Date Reported:

undated

Affected Packages:

inn

Vulnerable:

No

Security database references:

CERT's vulnerabilities, advisories and incident notes: CA-1997-08.

More information:

This vulnerability may allow remote users to execute arbitrary commands with the privileges of the user that manages the news server.

Quoting from CA-1997-08:
Remote, unauthorized users can execute arbitrary commands on the system with the same privileges as the innd (INN daemon) process. Attacks may reach news servers located behind Internet firewalls.

Versions of INN prior to 1.5.1 are vulnerable.

The Debian entry from CA-1997-08:
The current version of INN shipped with Debian is 1.4unoff4. However the "unstable" (or development) tree contains inn-1.5.1.

References:

• CERT Special Edition about news servers