COMMAND

    inews

SYSTEMS AFFECTED

    unices

PROBLEM

    INN versions 2.2 and earlier have a buffer overflow in the inews
    program.  inews is the program used to inject new postings into the
    news system, and many news readers and scripts call it.  The default
    installation leaves inews setgid to the news group and world
    executable, so any local user can run it.  Exploiting the buffer
    overflow could give the attacker the privileges of the news group,
    which could possibly be extended to root access.

    A fuller description can be found at

        http://www.isc.org/view.cgi?products/INN/inn2.2.vulnerability.phtml

SOLUTION

    If you  run a  news server  with no  local readers  (i.e. all your
    clients are remote) then you can remove the setgid-bit on inews.

        chmod 0550 inews

    The rnews program, used to feed news via uucp, is setuid to the uucp
    user.  No buffer overflow problems have been found in rnews, but if
    you don't run uucp on your machine it is recommended to disable the
    setuid bit on rnews as well:

        chown news rnews
        chgrp news rnews
        chmod 0550 rnews

    The latest INN version, 2.2.1,

        ftp://ftp.isc.org/isc/inn/inn-2.2.1.tar.gz

    has the buffer overflow fixed.  Upgrading is recommended if you
    cannot disable the inews setgid bit.
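    The following script is an added example and is not part of the
    advisory or of INN: it checks whether inews is still setgid and rnews
    still setuid, and can apply the chmod/chown steps given above.  The
    INN_BIN path and the function names are assumptions for this example;
    point INN_BIN at the directory holding your INN binaries.

```shell
#!/bin/sh
# Added example (not from the advisory or INN): audit the setgid/setuid bits
# on inews and rnews and optionally apply the advisory's hardening.
# INN_BIN is an assumed default; adjust it to your installation.
INN_BIN="${INN_BIN:-/usr/lib/news/bin}"

# has_set_id_bit FILE setuid|setgid: exit 0 if the bit is set, 1 if not,
# 2 if the file is missing.  Reads the ls(1) mode string, which is portable:
# column 4 is the owner execute slot (s/S = setuid), column 7 the group
# execute slot (s/S = setgid).
has_set_id_bit() {
    [ -e "$1" ] || return 2
    perm=$(ls -ld "$1" | cut -c1-10)
    case "$2" in
        setuid) flag=$(printf '%s' "$perm" | cut -c4) ;;
        setgid) flag=$(printf '%s' "$perm" | cut -c7) ;;
        *) return 2 ;;
    esac
    case "$flag" in s|S) return 0 ;; *) return 1 ;; esac
}

# audit_inn DIR: print one line per bit the advisory is concerned with.
# The exit status is the number of findings, so 0 means nothing to do.
audit_inn() {
    findings=0
    if has_set_id_bit "$1/inews" setgid; then
        echo "FINDING: $1/inews is setgid news; exposed if INN <= 2.2 and local users can run it"
        findings=$((findings + 1))
    fi
    if has_set_id_bit "$1/rnews" setuid; then
        echo "FINDING: $1/rnews is setuid; drop it unless you feed news via uucp"
        findings=$((findings + 1))
    fi
    return $findings
}

# drop_inews_setgid FILE: the advisory's fix for servers with no local readers.
drop_inews_setgid() { chmod 0550 "$1"; }

# drop_rnews_setuid FILE: the advisory's three commands.  The ownership change
# needs root; without it only the mode is changed, which still clears the bit.
drop_rnews_setuid() {
    if [ "$(id -u)" = 0 ]; then
        chown news "$1" && chgrp news "$1"
    else
        echo "not root: leaving ownership of $1 unchanged" >&2
    fi
    chmod 0550 "$1"
}

# Usage: sh inn-bits.sh audit | harden   (harden assumes no local readers)
case "${1:-}" in
    audit)  audit_inn "$INN_BIN" ;;
    harden) drop_inews_setgid "$INN_BIN/inews"; drop_rnews_setuid "$INN_BIN/rnews" ;;
esac
```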

    Updated RPMs for Red Hat Linux:

        ftp://updates.redhat.com//6.0/i386/inn-2.2.1-1.i386.rpm
        ftp://updates.redhat.com//6.0/i386/inn-devel-2.2.1-1.i386.rpm
        ftp://updates.redhat.com//6.0/alpha/inn-2.2.1-1.alpha.rpm
        ftp://updates.redhat.com//6.0/alpha/inn-devel-2.2.1-1.alpha.rpm
        ftp://updates.redhat.com//6.0/sparc/inn-2.2.1-1.sparc.rpm
        ftp://updates.redhat.com//6.0/sparc/inn-devel-2.2.1-1.sparc.rpm
        ftp://updates.redhat.com//6.0/SRPMS/inn-2.2.1-1.src.rpm

        ftp://updates.redhat.com//5.2/i386/inn-2.2.1-0.5.2.i386.rpm
        ftp://updates.redhat.com//5.2/i386/inn-devel-2.2.1-0.5.2.i386.rpm
        ftp://updates.redhat.com//5.2/alpha/inn-2.2.1-0.5.2.alpha.rpm
        ftp://updates.redhat.com//5.2/alpha/inn-devel-2.2.1-0.5.2.alpha.rpm
        ftp://updates.redhat.com//5.2/sparc/inn-2.2.1-0.5.2.sparc.rpm
        ftp://updates.redhat.com//5.2/sparc/inn-devel-2.2.1-0.5.2.sparc.rpm
        ftp://updates.redhat.com//5.2/SRPMS/inn-2.2.1-0.5.2.src.rpm

        ftp://updates.redhat.com//4.2/i386/inn-2.2.1-0.4.2.i386.rpm
        ftp://updates.redhat.com//4.2/i386/inn-devel-2.2.1-0.4.2.i386.rpm
        ftp://updates.redhat.com//4.2/noarch/cleanfeed-0.95.7b-0.4.2.noarch.rpm
        ftp://updates.redhat.com//4.2/alpha/inn-2.2.1-0.4.2.alpha.rpm
        ftp://updates.redhat.com//4.2/alpha/inn-devel-2.2.1-0.4.2.alpha.rpm
        ftp://updates.redhat.com//4.2/sparc/inn-2.2.1-0.4.2.sparc.rpm
        ftp://updates.redhat.com//4.2/sparc/inn-devel-2.2.1-0.4.2.sparc.rpm
        ftp://updates.redhat.com//4.2/SRPMS/cleanfeed-0.95.7b-0.4.2.src.rpm
        ftp://updates.redhat.com//4.2/SRPMS/inn-2.2.1-0.4.2.src.rpm