Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

GLSA: ypserv

From: Daniel Ahlberg <aliz () gentoo org>
Date: Mon, 28 Oct 2002 15:09:40 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-010
- - --------------------------------------------------------------------

PACKAGE : ypserv
SUMMARY : information leak
DATE    : 2002-10-28 14:10 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS).  A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable.  When a
malicious user could request a non-existing map the server will leak
parts of an old domainname and mapname.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-nds/ypserv-1.3.12 and earlier update their systems as follows:

emerge rsync
emerge ypserv
emerge clean

- - --------------------------------------------------------------------
aliz () gentoo org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vUUjfT7nyhUpoZMRAv7wAJ4hQ2QqPozFTcLkIr3ddJCHwIqiOQCcC89e
CW28lSsCnFemMc4lTReoiao=
=IWUR
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: