Skip Quicknav

• About Debian
• News
• Getting Debian
• Support
• Developers' Corner
• Site map
• Search

Debian Security Advisory

parse-control -- INN 1.5 parsecontrol

Date Reported:

undated

Affected Packages:

inn

Vulnerable:

No

Security database references:

CERT's vulnerabilities, advisories and incident notes: CA-1997-08.

More information:

This vulnerability may allow remote users to execute arbitrary commands with the privileges of the user that manages the news server.

Quoting from CA-1997-08:
Remote, unauthorized users can execute arbitrary commands on the system with the same privileges as the innd (INN daemon) process. Attacks may reach news servers located behind Internet firewalls.

Versions of INN prior to 1.5.1 are vulnerable.

The Debian entry from CA-1997-08:
The current version of INN shipped with Debian is 1.4unoff4. However the "unstable" (or development) tree contains inn-1.5.1.

References:

• CERT Special Edition about news servers

This page is also available in the following languages:

Deutsch español français 日本語 (Nihongo) svenska

How to set the default document language