innd 2.2.2 remote buffer overflow

Michal Zalewski lcamtuf at dione.ids.pl
Mon Jun 5 20:46:25 UTC 2000


On 6 Jun 2000, Russ Allbery wrote:

> Note that this code is only ever executed if the option
> "verifycancels" is enabled in inn.conf.  This is *not* the default,
> and has been recommended against for some time now since it really
> doesn't do any real good.

It is enabled by default in RH, and usually is enabled on live innd sites.

> Note that due to the syntax checking INN performs on message IDs, this
> will be mildly difficult to exploit, although it's probably at least
> theoretically possible.

It is exploitable :)

_______________________________________________________
Michal Zalewski [lcamtuf at tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=




More information about the inn-workers mailing list