9596 – net-nds/ypserv

Bug 9596 - net-nds/ypserv

Summary: net-nds/ypserv

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	x86 Linux

Importance:	Lowest critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-10-24 03:18 UTC by Daniel Ahlberg (RETIRED)
Modified:	2003-02-04 19:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Ahlberg (RETIRED) gentoo-dev

2002-10-24 03:18:08 UTC

--------------------------------------------------------------------------
Debian Security Advisory DSA 180-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 21st, 2002                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : nis
Vulnerability  : information leak
Problem-Type   : remote
Debian-specific: no

Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS).  A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable.  When a
malicious user could request a non-existing map the server will leak
parts of an old domainname and mapname.

Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev

2002-10-24 03:18:43 UTC

NOTE: In the 2.x line tcp-wrappers support has been removed.