INND Daemon Vulnerabilities
innd, up to and including version 1.5.1, have a variety
The following problems have been reported:
- INN (versions 1.5.1 and earlier) passes metacommands to the ucbmail mailer
without sufficient filtering.
The mailer, which lacks sufficient checks for shell metacharacters, passes the unchecked data to a shell for processing. A remote attacker could send malicious metacharacters and execute arbitrary commands on the INN server.
- Malicious data passed to the innd daemon can cause
system commands to be executed as the owner of the daemon.
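
The filtering that the first item says is missing can be illustrated as follows. This is an added example, not INN's code or its patch: it allowlists a value taken from untrusted message data and builds an argument vector so the mailer is started directly instead of through a shell. The function names and the mailer path `/usr/bin/mail` are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Allowlist check for a value taken from untrusted message data.
 * Returns 1 only if every byte is alphanumeric or one of "@._+-",
 * which excludes shell metacharacters (; | & ` $ < > quotes, space, newline). */
int is_safe_mail_arg(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 255 || s[0] == '-')  /* empty, oversized, or option-like */
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && strchr("@._+-", c) == NULL)
            return 0;
    }
    return 1;
}

/* Builds an argument vector for execv() so the mailer is started directly
 * and no shell ever parses the address. Returns argc, or -1 if rejected. */
int build_mailer_argv(const char *mailer, const char *addr,
                      const char *argv[], size_t cap)
{
    if (cap < 3 || !is_safe_mail_arg(addr))
        return -1;
    argv[0] = mailer;
    argv[1] = addr;
    argv[2] = NULL;
    return 2;
}

int main(void)
{
    /* Constructed sample values, not taken from any real message. */
    const char *samples[] = { "newsmaster@example.org",
                              "newsmaster@example.org;id", "-f" };
    const char *argv[3];
    for (size_t i = 0; i < 3; i++) {
        int argc = build_mailer_argv("/usr/bin/mail" /* assumed path */,
                                     samples[i], argv, 3);
        printf("%-28s %s\n", samples[i], argc < 0 ? "rejected" : "accepted");
    }
    return 0;
}
```

Rejecting by allowlist rather than stripping a list of known-bad characters means a metacharacter the filter author did not think of is still refused.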
Upgrade to the most recent version of INN (1.5.1 or newer). If upgrading to
1.5.1, then also apply the
Upgrade information is available on the Internet Software Consortium ISC