Bugtraq mailing list archives

Re: innd 2.2.2 remote buffer overflow


From: rra () STANFORD EDU (Russ Allbery)
Date: Tue, 6 Jun 2000 14:00:05 -0700


Michal Zalewski <lcamtuf () dione ids pl> writes:
> On 6 Jun 2000, Russ Allbery wrote:

>> Note that this code is only ever executed if the option "verifycancels"
>> is enabled in inn.conf.  This is *not* the default, and has been
>> recommended against for some time now since it really doesn't do any
>> real good.

> It is enabled by default in RH,

That's a bug in Red Hat's configuration in my opinion as one of the
maintainers of INN.

> and usually is enabled on live innd sites.

Not by anyone who follows the advice of the documentation.

I'll repeat:  As one of the maintainers of INN, I strongly recommend that
people not use verifycancels; it serves no useful purpose, the behavior
that it enables is disallowed by the latest draft of the Usenet article
format standard, and it's likely to go away completely in INN 2.4.

I've not had it turned on on any of my servers for years now.

--
Russ Allbery (rra () stanford edu)             <http://www.eyrie.org/~eagle/>


