Mandrake Linux Security Advisory : inn (MDKSA-2000:023)

high Nessus Plugin ID 61821

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. This new version also does not install inews as setgid news or rnews as setuid root. Many other security paranoia fixes have been made as well.

Solution

Update the affected inews, inn and / or inn-devel packages.

Plugin Details

Severity: High

ID: 61821

File Name: mandrake_MDKSA-2000-023.nasl

Version: 1.6

Type: local

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:inews, p-cpe:/a:mandriva:linux:inn, p-cpe:/a:mandriva:linux:inn-devel, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 7/22/2000

Reference Information

MDKSA: 2000:023