________________________________________________________________________ Mandrake Linux Security Update Advisory ________________________________________________________________________ Package name: ypserv Advisory ID: MDKSA-2003:072 Date: June 27th, 2003 Affected versions: 8.2, 9.0, Corporate Server 2.1 ________________________________________________________________________ Problem Description: A vulnerability was found in versions of ypserv prior to version 2.7. If a malicious client were to query ypserv via TCP and subsequently ignore the server's response, ypserv will block attempting to send the reply. The result is that ypserv will fail to respond to other client requests. ypserv 2.7 and above have been altered to fork a child for each client request, which prevents any one request from causing the server to block. ________________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0251 http://www.linux-nis.org/nis/ypserv/ChangeLog
glsa sent