We have received reports of a new kind of denial of service lately that was about killing an INN news syste. Someone sent out tons of sendsys messages with forged "From" addresses. This can cause high load on a news system if when the system processes the requests. Debian GNU/Linux is not vulnerable to this when the default setup is kept since such requests are only logged. However they'll be processed if they come from two well known addresses. This type of control messages is not needed anymore since the usenet has grown so much and is very reliable. Thus it doesn't hurt to turn this report mechanism off. -- Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>
Attachment:
pgpae5UjmRZ3V.pgp
Description: PGP signature