innd 2.2.2 remote buffer overflow

Forrest J. Cavalier III mibsoft at epix.net
Tue Jun 6 21:54:52 UTC 2000


Michal Zalewski <lcamtuf at TPI.PL> wrote:

> Newest innd 2.2.2, probably the most popular usenet news server (as well
> as previous versions) contain remotely exploitable, trivial on-stack
> buffer overflow in control articles handler.

INN 1.7.x and earlier is not affected by this.  The vulnerable code appeared
in the 2.x branch.

Forrest J. Cavalier III, INN customization and consulting
        http://www.mibsoftware.com/innsup.htm
Newsrate Usenet Server monitoring measures what you get.
        http://www.mibsoftware.com/userkt/newsrate/



More information about the inn-workers mailing list