>Maybe I'm the last person on the planet to realize this..... is it common >knowledge that there's a *major* security hole in both C news performance >release, and old versions of INN? > >If anyone doesn't know what I'm talking about, then you may want to disable >newgroup and checkgroups processing from C news (performance release), and >disable processing of ALL control messages except cancel from INN. Disable >them <completely>, best with an "exit 0" at the first line of all >appropriate scripts. Do not attempt to interpret or process these articles >in any way. Don't do _anything_ with these articles except ignore them. >This is overkill, but anything more specific would be too much of a >giveaway. If you use INN, you can get inn1.4.sec from ftp.uu.net. It fixes this problem. I'm not sure that disabling all control messages except cancel actually works. Casper