A buffer overflow has been discovered in a portion of the control message handling code introduced in INN 2.4.0. It is likely that this overflow could be remotely exploited to gain access to the user innd runs as. INN 2.3.x and earlier are not affected. The INN CURRENT tree is affected.
The information has been provided by Russ Allbery and Dan Riley.
INN 2.4.1 has just been released with a fix for this issue and various other accumulated patches. We strongly urge anyone running INN 2.4.0 or any STABLE snapshot to upgrade to this version, or apply the attached patch to their source tree and reinstall with make update. There should be no incompatibilities between INN 2.4.1 and INN 2.4.0 or STABLE snapshots.
ISC would like to apologize for this problem, which was caused by misuse of static buffers and a dangerous internal INN function that ISC intend to remove completely in the next stable release. The current development branch has already been converted almost entirely to strlcpy, strlcat, and other safe string handling routines and that conversion should be complete in the INN 2.5.0 release.
Following is a patch against INN 2.4.0. It should also apply to a current STABLE or CURRENT snapshot if you use patch -l to apply it.