A bunch of format string vulnerabilities in "startinnfeed" have just
been reported to Bugtraq.
startinnfeed is suid-root. However it's not as serious as it could be
because startinnfeed is only executable by group "news". Furthermore,
RH7.0 full install does not seem to have any sgid-news executables.
Older distributions could be in danger, however; I know that there used
to exist sgid-news executables. And there have been holes in these!
Thought I'd better file a report :-)
should have no security impact. Thanks for reporting this.