Security problem in C news and INN

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Dave Hayes: "Thanks!"
• Previous message: Tim Newsham : "Re: syslog/udp"
• Next in thread: Scott D. Yelich: "Re: Security problem in C news and INN"

Maybe I'm the last person on the planet to realize this.....  is it common
knowledge that there's a *major* security hole in both C news performance
release, and old versions of INN?

If anyone doesn't know what I'm talking about, then you may want to disable
newgroup and checkgroups processing from C news (performance release), and
disable processing of ALL control messages except cancel from INN.  Disable
them <completely>, best with an "exit 0" at the first line of all
appropriate scripts.  Do not attempt to interpret or process these articles
in any way.  Don't do _anything_ with these articles except ignore them.
This is overkill, but anything more specific would be too much of a
giveaway.

Someone, perhaps me, will post more details about this in a future message.

 ------------------------------------------To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.

• Next message: Dave Hayes: "Thanks!"
• Previous message: Tim Newsham : "Re: syslog/udp"
• Next in thread: Scott D. Yelich: "Re: Security problem in C news and INN"