blob: 7c41937b0851214ffc69e769aad99b5e6b43cf13 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
#use wml::debian::translation-check translation="0c2765d6332ad131ec7915c4b714b26dee871b2b"
<define-tag description>parsecontrol 1.5 INN</define-tag>
<define-tag moreinfo>
Esta vulnerabilidad podía permitir a los usuarios remotos ejecutar comandos
con los privilegios del usuario que gestionara el servidor de noticias.
<p>Citado de CA-1997-08:<br>
Los usuarios remotos no autorizados podían ejecutar comandos arbitrarios en
el sistema con los mismos privilegios del proceso innd (demonio de INN).
Los ataques podían llegar a servidores de noticias que estuvieran tras
cortafuegos.</p>
<p>Son vulnerables las versiones de INN anteriores a la 1.5.1.</p>
<p>La entrada de Debian para CA-1997-08:<br>
La versión actual de INN que incluye Debian es la 1.4unoff4. Sin embargo,
el árbol «inestable» (o en desarrollo) tiene inn-1.5.1.</p>
<p>Referencias:
<ul>
<li><a href="http://www.cert.org/summaries/CS-97.02.html">Edición especial
del CERT acerca de los servidores de noticias</a></li>
</ul>
</define-tag>
# do not modify the following line
#include '$(ENGLISHDIR)/security/undated/1parsecontrol.data'
Index: english/security/undated/1parsecontrol.wml
===================================================================
RCS file: /cvs/webwml/webwml/english/security/undated/1parsecontrol.wml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -3 -p -r1.5 -r1.6
--- english/security/undated/1parsecontrol.wml 19 Apr 2001 15:52:11 -0000 1.5
+++ english/security/undated/1parsecontrol.wml 20 Aug 2003 11:17:02 -0000 1.6
@@ -1,6 +1,26 @@
<define-tag moreinfo>
</define-tag>
<define-tag description>INN 1.5 parsecontrol</define-tag>
+<define-tag moreinfo>
+This vulnerability may allow remote users to execute arbitrary commands
+with the privileges of the user that manages the news server.
+<p>Quoting from CA-1997-08:<br>
+Remote, unauthorized users can execute arbitrary commands on the system
+with the same privileges as the innd (INN daemon) process. Attacks may
+reach news servers located behind Internet firewalls.
+
+<p>Versions of INN prior to 1.5.1 are vulnerable.
+
+<p>The Debian entry from CA-1997-08:<br>
+The current version of INN shipped with Debian is 1.4unoff4.
+However the "unstable" (or development) tree contains inn-1.5.1.
+
+<p>References:
+<ul>
+<li><a href="http://www.cert.org/summaries/CS-97.02.html">CERT Special Edition about news servers</a>
+</ul>
+
+</define-tag>
# do not modify the following line
#include '$(ENGLISHDIR)/security/undated/1parsecontrol.data'
|
