Bug 27213 – startinnfeed security hole

Bug 27213 - startinnfeed security hole

Summary:	startinnfeed security hole

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Red Hat Linux
Classification:	Retired
Component:	inn (Show other bugs)
Sub Component:
Version:	7.0
Hardware:	i386 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Florian La Roche
QA Contact:	David Lawrence
Docs Contact:

URL:
Whiteboard:
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2001-02-12 17:13 EST by Chris Evans
Modified:	2007-04-18 12:31 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2001-02-12 17:13:58 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Chris Evans 2001-02-12 17:13:55 EST

Hi,

A bunch of format string vulnerabilities in "startinnfeed" have just
been reported to Bugtraq.

startinnfeed is suid-root. However it's not as serious as it could be
because startinnfeed is only executable by group "news". Furthermore,
RH7.0 full install does not seem to have any sgid-news executables.

Older distributions could be in danger, however; I know that there used
to exist sgid-news executables. And there have been holes in these!

Thought I'd better file a report :-)

Comment 1 Florian La Roche 2001-02-13 08:05:43 EST

should have no security impact. Thanks for reporting this.

Note You need to log in before you can comment on or make changes to this bug.