Bug 27213 - startinnfeed security hole
Summary: startinnfeed security hole
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: inn
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Florian La Roche
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-02-12 22:13 UTC by Chris Evans
Modified: 2007-04-18 16:31 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-02-12 22:13:58 UTC
Embargoed:

Attachments (Terms of Use)

Description Chris Evans 2001-02-12 22:13:55 UTC 
Hi,

A bunch of format string vulnerabilities in "startinnfeed" have just
been reported to Bugtraq.

startinnfeed is suid-root. However it's not as serious as it could be
because startinnfeed is only executable by group "news". Furthermore,
RH7.0 full install does not seem to have any sgid-news executables.

Older distributions could be in danger, however; I know that there used
to exist sgid-news executables. And there have been holes in these!

Thought I'd better file a report :-)
Comment 1 Florian La Roche 2001-02-13 13:05:43 UTC 
should have no security impact. Thanks for reporting this.
Note You need to log in before you can comment on or make changes to this bug.