Bug 24004 - net-nds/ypserv
Summary: net-nds/ypserv
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: Highest critical
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-07-06 13:48 UTC by Daniel Ahlberg (RETIRED)
Modified: 2003-07-11 07:45 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Daniel Ahlberg (RETIRED) gentoo-dev 2003-07-06 13:48:27 UTC
________________________________________________________________________ 
 
                Mandrake Linux Security Update Advisory 
________________________________________________________________________ 
 
Package name:           ypserv 
Advisory ID:            MDKSA-2003:072 
Date:                   June 27th, 2003 
 
Affected versions:      8.2, 9.0, Corporate Server 2.1 
________________________________________________________________________ 
 
Problem Description: 
 
 A vulnerability was found in versions of ypserv prior to version 2.7. 
 If a malicious client were to query ypserv via TCP and subsequently 
 ignore the server's response, ypserv will block attempting to send 
 the reply.  The result is that ypserv will fail to respond to other 
 client requests.  ypserv 2.7 and above have been altered to fork a 
 child for each client request, which prevents any one request from 
 causing the server to block. 
________________________________________________________________________ 
 
References: 
 
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0251 
  http://www.linux-nis.org/nis/ypserv/ChangeLog
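The fork-per-request pattern the advisory describes, as an added C sketch that is not ypserv's code and not part of the original report. The names reply_in_child and stalled_peer_demo, the socketpair standing in for a TCP client, and the alarm() bound on the child's lifetime are assumptions made for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send len bytes; blocks for as long as the peer refuses to read. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n <= 0)
            return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Send the reply from a child so the parent never blocks. Returns pid or -1. */
pid_t reply_in_child(int client_fd, const char *reply, size_t len,
                     unsigned timeout_s)
{
    pid_t pid = fork();
    if (pid == 0) {
        signal(SIGALRM, SIG_DFL);
        alarm(timeout_s); /* assumption: kill a child stuck on a stalled peer */
        _exit(write_all(client_fd, reply, len) == 0 ? 0 : 1);
    }
    return pid; /* a real server would close client_fd here and reap children */
}

/* Constructed scenario: the peer never reads a 4 MiB reply. Returns 1 on success. */
int stalled_peer_demo(void)
{
    static char big[4 << 20];
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    pid_t pid = reply_in_child(sv[0], big, sizeof big, 1);
    if (pid < 0) return -1;
    int parent_free = (waitpid(pid, &status, WNOHANG) == 0); /* child still stuck */
    waitpid(pid, &status, 0);                 /* reaped once SIGALRM fires */
    close(sv[0]); close(sv[1]);
    return parent_free && WIFSIGNALED(status) && WTERMSIG(status) == SIGALRM;
}

int main(void) { printf("parent stayed free: %d\n", stalled_peer_demo()); return 0; }
```

Forking alone only moves the blocked write into a child; without a bound such as the alarm() above, or a cap on concurrent children, stalled peers would still accumulate processes.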
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-07-11 07:45:15 UTC
glsa sent