Red Hat Bugzilla – Bug 27213
startinnfeed security hole
Last modified: 2007-04-18 12:31:26 EDT
A bunch of format string vulnerabilities in "startinnfeed" have just
been reported to Bugtraq.
startinnfeed is suid-root. However it's not as serious as it could be
because startinnfeed is only executable by group "news". Furthermore,
RH7.0 full install does not seem to have any sgid-news executables.
Older distributions could be in danger, however; I know that there used
to exist sgid-news executables. And there have been holes in these!
Thought I'd better file a report :-)
should have no security impact. Thanks for reporting this.