COMMAND

    canna

SYSTEMS AFFECTED

    Those using canna

PROBLEM

    Following is based on Debian Security Advisory.  The canna package
    as distributed in Debian GNU/Linux 2.1 can be remotely exploited to
    gain access.  This can be done by overflowing a buffer by sending a
    SR_INIT command with a very long username or groupname.

    The Canna server contains an overflowable buffer which may be
    exploited by a remote user to execute arbitrary code on the local
    system as user 'bin'.  Depending on the local system configuration,
    the attacker may be able to upgrade privileges further by exploiting
    local vulnerabilities.
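    The bug class above (an unchecked copy of a name taken from a network
    request into a fixed-size field) is shown below in an added example.
    This is illustrative code written for this page, not cannaserver's
    source; the field size NAME_MAX_LEN, the struct layout and the
    function names are constructed for the example.  The contrast is
    between copying with strcpy, which trusts the sender to keep the name
    short, and a bounded version that validates the length of the
    length-delimited wire data before any copy and rejects the request
    rather than truncating it silently.

```c
#include <stdio.h>
#include <string.h>

/* Constructed limit for the example; the real cannaserver field sizes
 * are not stated in the advisory. */
#define NAME_MAX_LEN 32

struct init_request {
    char username[NAME_MAX_LEN];
    char groupname[NAME_MAX_LEN];
};

/* Vulnerable pattern (the class of bug the advisory describes): the
 * user and group strings from the request are copied with strcpy into
 * fixed buffers, so a name of NAME_MAX_LEN bytes or more writes past the
 * end of the field.  Kept only to contrast with the bounded version;
 * it must never be fed untrusted input. */
void init_unchecked(struct init_request *req, const char *user,
                    const char *group)
{
    strcpy(req->username, user);
    strcpy(req->groupname, group);
}

/* Hardened version.  Network data is length-delimited, not
 * NUL-terminated, so the caller passes explicit lengths.  Each length is
 * checked against the field size before anything is copied; empty names
 * and names containing an embedded NUL are rejected too, so the stored
 * name is exactly the string that was validated.  Returns 0 on success,
 * -1 if the request is rejected (req is left untouched). */
int init_bounded(struct init_request *req,
                 const char *user, size_t user_len,
                 const char *group, size_t group_len)
{
    if (user_len == 0 || user_len >= NAME_MAX_LEN)
        return -1;
    if (group_len == 0 || group_len >= NAME_MAX_LEN)
        return -1;
    if (memchr(user, '\0', user_len) || memchr(group, '\0', group_len))
        return -1;

    memcpy(req->username, user, user_len);
    req->username[user_len] = '\0';
    memcpy(req->groupname, group, group_len);
    req->groupname[group_len] = '\0';
    return 0;
}

int main(void)
{
    struct init_request req;
    char longname[200];                      /* constructed oversized name */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    /* Short, well-formed names are accepted by both versions. */
    init_unchecked(&req, "alice", "users");
    printf("unchecked: %s/%s\n", req.username, req.groupname);

    if (init_bounded(&req, "alice", 5, "users", 5) == 0)
        printf("bounded:   %s/%s\n", req.username, req.groupname);

    /* The oversized name is rejected instead of overflowing the field. */
    if (init_bounded(&req, longname, strlen(longname), "users", 5) != 0)
        printf("bounded:   rejected %zu-byte username\n", strlen(longname));

    return 0;
}
```

    The length check runs before the copy and compares against the
    destination size, not the source; that ordering is what separates
    the two versions, and it is also why the bounded function takes
    lengths rather than relying on a terminator the sender controls.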

    If you  have not  chosen to  install the  Canna port/package, then
    your system is not vulnerable to this problem.

    Note that the FreeBSD advisory describes this as a local
    vulnerability, while the Debian advisory describes it as remote.

SOLUTION

    For Debian, this has been fixed in version 3.5b2-24slink1; upgrade
    your canna package immediately.

    For FreeBSD:

        1) Deinstall the Canna port/package, if you have installed it.
        2) Consider limiting remote  access to the Canna  server using
           ipfw(8) or ipf(8).
        3) Create a /etc/hosts.canna file on the Canna server and list
           the  hosts  which  you  wish  to  allow access to the Canna
           server.   For  example,  if  you  want  to allow access via
           localhost   only,   include    the   following   in    your
           /etc/hosts.canna file:
             localhost
             unix

           If   you   want   to   allow   access   via  localhost  and
           some-other-host.com, which has IP address x.y.z.w,  include
           the following:
             localhost
             unix
             x.y.z.w
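           The /etc/hosts.canna allow list above can be checked with a
           small parser, given here as an added example that is not
           cannaserver's own code.  It reads entries in the format the
           advisory shows (one host per line), treats "unix" as the peer
           name for a local-domain socket and "localhost" as 127.0.0.1,
           and fails closed: an empty or missing list allows nothing.
           Comment lines starting with '#', whitespace trimming and the
           peer being identified by its dotted address string (no
           hostname resolution) are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_ENTRIES 64
#define ENTRY_LEN   128

struct canna_acl {
    char entries[MAX_ENTRIES][ENTRY_LEN];
    int  count;
};

/* Parse hosts.canna-style text: one entry per line, blank lines and
 * lines starting with '#' ignored (comment handling is an assumption).
 * Returns the number of entries, or -1 if the list or an entry is too
 * large for the fixed tables. */
int acl_parse(struct canna_acl *acl, const char *text)
{
    const char *p = text;

    acl->count = 0;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);

        /* trim leading and trailing whitespace */
        while (len && isspace((unsigned char)*p)) { p++; len--; }
        while (len && isspace((unsigned char)p[len - 1])) len--;

        if (len && p[0] != '#') {
            if (acl->count >= MAX_ENTRIES || len >= ENTRY_LEN)
                return -1;
            memcpy(acl->entries[acl->count], p, len);
            acl->entries[acl->count][len] = '\0';
            acl->count++;
        }
        if (!eol)
            break;
        p = eol + 1;
    }
    return acl->count;
}

/* Decide whether a peer may talk to the server.  peer is "unix" for a
 * local-domain socket, otherwise the dotted IP address of the client.
 * Matching is exact; "localhost" additionally matches 127.0.0.1.  With
 * no entries nothing is allowed, so an absent or empty file is deny-all. */
int acl_allows(const struct canna_acl *acl, const char *peer)
{
    for (int i = 0; i < acl->count; i++) {
        const char *e = acl->entries[i];
        if (strcmp(e, peer) == 0)
            return 1;
        if (strcmp(e, "localhost") == 0 && strcmp(peer, "127.0.0.1") == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed file contents, mirroring the advisory's second example
     * with 192.0.2.10 standing in for x.y.z.w. */
    const char *hosts_canna = "localhost\nunix\n192.0.2.10\n";
    const char *peers[] = { "unix", "127.0.0.1", "192.0.2.10", "192.0.2.11" };
    struct canna_acl acl;

    if (acl_parse(&acl, hosts_canna) < 0) {
        fprintf(stderr, "hosts.canna too large\n");
        return 1;
    }
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++)
        printf("%-12s %s\n", peers[i],
               acl_allows(&acl, peers[i]) ? "allowed" : "denied");
    return 0;
}
```

           The list is a whitelist with no wildcard, so the only way a
           new host gets access is an explicit entry; the deny-by-default
           behaviour is what makes step 3 an effective stopgap while the
           port is rebuilt.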

    To fix the port itself, do one of the following:

        1) Upgrade your entire ports collection and rebuild the  Canna
           port.
        2) Deinstall the old package  and install a new package  dated
           after the correction date (2000-06-29), obtained from:
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/japanese/ja-Canna-3.2.2.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanese/ja-Canna-3.2.2.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/japanese/ja-Canna-3.2.2.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japanese/ja-Canna-3.2.2.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/japanese/ja-Canna-3.2.2.tgz
        3) Download a new port skeleton for the Canna port from:
           http://www.freebsd.org/ports/
           and use it to rebuild the port.