slrn newsreader binary decoding causes embedded scripts to be executed

slrn-decode-script-execution (7166) The risk level is classified as HighHigh Risk

Description:

The slrn newsreader in some Linux distributions could allow the execution of embedded scripts, caused by a vulnerability in the code that handles the decoding of binaries. A remote attacker could embed a malicious shell script within a message, which would be executed once the message is read.


Consequences:

Gain Access

Remedy:

Apply the Bugfix dated September 9, 2001, available from the slrn Web site. See References.

For Debian GNU/Linux 2.2 (potato):
Upgrade to the latest version of slrn (0.9.6.2-9potato2 or later), as listed in DSA-078-1. See References.

For other distributions:
Contact your vendor for patch or upgrade information.

References:

  • slrn Web site: Bugfixes.
  • BID-3364: SLRN Arbitrary Shell Script Execution Vulnerability
  • CVE-2001-1035: Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.
  • DSA-078: slrn -- remote command invocation

Platforms Affected:

  • Debian Debian Linux 2.2
  • slrn slrn 0.9.7.2 and prior

Reported:

Sep 24, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page