OpenNET security: GLSA: ypserv

GLSA: ypserv


<< Previous	INDEX	Search	src	Set bookmark	Go to bookmark	Next >>

Date: Mon, 28 Oct 2002 15:09:40 +0100
From: Daniel Ahlberg <aliz@gentoo.org>
To: bugtraq@securityfocus.com
Subject: GLSA: ypserv

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-010
- - --------------------------------------------------------------------

PACKAGE : ypserv
SUMMARY═: information leak
DATE ══ : 2002-10-28 14:10 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS).  A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable.  When a
malicious user could request a non-existing map the server will leak
parts of an old domainname and mapname.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-nds/ypserv-1.3.12 and earlier update their systems as follows:

emerge rsync
emerge ypserv
emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vUUjfT7nyhUpoZMRAv7wAJ4hQ2QqPozFTcLkIr3ddJCHwIqiOQCcC89e
CW28lSsCnFemMc4lTReoiao=
=IWUR
-----END PGP SIGNATURE-----


<< Previous	INDEX	Search	src	Set bookmark	Go to bookmark	Next >>

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру