Re: Debian WWW CVS commit by kraai: webwml/english/security/undated 1bliss.wml 1do ...



On Thu, Sep 04, 2003 at 10:46:29AM +0200, Gerfried Fuchs wrote:
> * Debian WWW CVS <webmaster@debian.org> [2003-08-20 05:17]:
> > Changes by:	kraai	03/08/20 05:17:02
> > 
> > Modified files:
> > 	english/security/undated: 1parsecontrol.wml 
> > 
> > Log message:
> > 	Add further descriptions and reference information, thanks to
> > 	Doug Jensen.
> 
>  I'm wondering....  Wouldn't it make much more sense to link to
> CA-1997-08 directly[1] instead of to the "special edition about news
> servers"?
> 
>  So long,
> Alfie
> [1] <http://www.cert.org/advisories/CA-1997-08.html>

Here is a text representation of
<http://www.debian.org/security/undated/1parsecontrol>. Notice that
a link to CA-1997-08 has been included in "Security database references":

  Date Reported:
       undated
  Affected Packages:
       inn
  Vulnerable:
       No
  Security database references:
       CERT's vulnerabilities, advisories and incident notes: CA-1997-08.
  More information:
        This vulnerability may allow remote users to execute arbitrary
        commands with the privileges of the user that manages the news
        server.

        Quoting from CA-1997-08:
        Remote, unauthorized users can execute arbitrary commands on the
        system with the same privileges as the innd (INN daemon) process.
        Attacks may reach news servers located behind Internet firewalls.

        Versions of INN prior to 1.5.1 are vulnerable.

        The Debian entry from CA-1997-08:
        The current version of INN shipped with Debian is 1.4unoff4.
        However the "unstable" (or development) tree contains inn-1.5.1.

        References:
         * CERT Special Edition about news servers
============================================================================

The link to the "CERT Special Edition about news servers" provides
additional information about the INN vulnerability and about news server
vulnerabilities in general.  It seemed like it would be a nice
additional resource, if someone was interested in the INN vulnerability.

Alfie, could you help me understand what you would like changed?


Doug Jensen


