RH6.0: INN
Posted by LinuxSecurity.com Team   
RedHat Linux Security problems have been found with the version of INN that shipped with Red Hat Linux 6.0. By editing the inn.conf file, or changing the INNCONF environment variable, the 'news' user could execute arbitrary code as root. Thanks to the users of BUGTRAQ for noting this problem. It is recommended that users of INN under Red Hat Linux 6.0 upgrade to the new packages. This vulnerability does not affect the INN that shipped in previous versions of Red Hat Linux.
 
Red Hat, Inc. Security Advisory

Package: INN

Updated: 22-May-1999

Problem:

  • (22-May-1999) Security Fix
    Security problems have been found with the version of INN that shipped with Red Hat Linux 6.0. By editing the inn.conf file, or changing the INNCONF environment variable, the 'news' user could execute arbitrary code as root. Thanks to the users of BUGTRAQ for noting this problem. It is recommended that users of INN under Red Hat Linux 6.0 upgrade to the new packages.

    This vulnerability does not affect the INN that shipped in previous versions of Red Hat Linux.

Solution: