Bugtraq mailing list archives

Re: innd 2.2.2 remote buffer overflow

From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Mon, 5 Jun 2000 22:46:25 +0200


On 6 Jun 2000, Russ Allbery wrote:

Note that this code is only ever executed if the option
"verifycancels" is enabled in inn.conf.  This is *not* the default,
and has been recommended against for some time now since it really
doesn't do any real good.


It is enabled by default in RH, and usually is enabled on live innd sites.

Note that due to the syntax checking INN performs on message IDs, this
will be mildly difficult to exploit, although it's probably at least
theoretically possible.


It is exploitable :)

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

Current thread:

innd 2.2.2 remote buffer overflow Michal Zalewski (Jun 06)
- <Possible follow-ups>
- Re: innd 2.2.2 remote buffer overflow Russ Allbery (Jun 06)
  - Re: innd 2.2.2 remote buffer overflow Michal Zalewski (Jun 05)
- Re: innd 2.2.2 remote buffer overflow Russ Allbery (Jun 06)
- Re: innd 2.2.2 remote buffer overflow Forrest J. Cavalier III (Jun 06)