News denial of service using sendsys

To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Subject: News denial of service using sendsys
From: Martin Schulze <joey@kuolema.Infodrom.North.DE>
Date: Fri, 28 Aug 1998 02:31:57 +0200
Message-id: <[🔎] 19980828023157.A16097@kuolema.Infodrom.North.DE>
Reply-to: security@debian.org

We have received reports of a new kind of denial of service lately
that was about killing an INN news syste.  Someone sent out tons of
sendsys messages with forged "From" addresses.  This can cause high
load on a news system if when the system processes the requests.

Debian GNU/Linux is not vulnerable to this when the default setup is
kept since such requests are only logged.  However they'll be
processed if they come from two well known addresses.

This type of control messages is not needed anymore since the usenet
has grown so much and is very reliable.  Thus it doesn't hurt to turn
this report mechanism off.

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>

Attachment: pgpae5UjmRZ3V.pgp
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] Current versions of lpr fixes security problem
Next by Date: [SECURITY] New versions of apache fixes denial of services
Previous by thread: [SECURITY] Current versions of lpr fixes security problem
Next by thread: [SECURITY] New versions of apache fixes denial of services
Index(es):
- Date
- Thread