• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Linux ypbind Local Format String Vulnerability

Solution:
RedHat and Debian have both released patches for this vulnerability. S.u.S.E. users should refer to a different vulnerability, BID: 1820 for patch information.

Mandrake Linux:

You can download the updates listed below directly from:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates

Or try one of the other mirrors listed at:

http://www.linux-mandrake.com/en/ftp.php3.

Updates:

Linux-Mandrake 6.0:
c94e16fe0699ef929c231e9dc02f8416 6.0/RPMS/ypbind-3.3-25mdk.i586.rpm
09c51e63bd71a9ef94d6f6abffad2698 6.0/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696 6.0/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3 6.0/SRPMS/ypserv-1.3.9-4mdk.src.rpm

Linux-Mandrake 6.1:
e4432a5714fb995ea6c272206eff8f40 6.1/RPMS/ypbind-3.3-25mdk.i586.rpm
e7cbe8440877516c8b5dec04ca6429da 6.1/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696 6.1/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3 6.1/SRPMS/ypserv-1.3.9-4mdk.src.rpm

Linux-Mandrake 7.0:
52dcef1933b60d109d752965e9ea0789 7.0/RPMS/ypbind-3.3-25mdk.i586.rpm
bea6a3029a09a7e8e291d742c5d4c08f 7.0/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696 7.0/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3 7.0/SRPMS/ypserv-1.3.9-4mdk.src.rpm

Linux-Mandrake 7.1:
4ca3ef370ecb639c7d8d62900e2f9482 7.1/RPMS/ypbind-3.3-25mdk.i586.rpm
dd943d35562464810c88bceb02d3ee76 7.1/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696 7.1/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3 7.1/SRPMS/ypserv-1.3.9-4mdk.src.rpm

Trustix recently released several updated packages:

RedHat

iputils: Fixes serveral problems in ping including a buffer overflow.
gnupg: Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg.

ypbind: Local root exploit. Linux ypbind

Users of TSL 1.0x and 1.1 that worry about local security should
definitely upgrade.

MD5sums:
9e2bbf3ddd728da4cbab3ece1ba390b7 gnupg-1.0.4-2tr.i586.rpm
43d503eb306f202c794ca064980574ad iputils-20001011-1tr.i586.rpm
8625657f6edea52b88e0cff1dfff4bb4 ypbind-3.3-29tr.i586.rpm

Get them at:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ or
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/


Swen Thuemmler ypbind 3.3

• Caldera eDesktop 2.4: nis-client-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/RPM S/nis-client-2.0-12.i386.rpm


• Caldera eDesktop 2.4: nis-server-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/RPM S/nis-server-2.0-12.i386.rpm


• Caldera eServer 2.3: nis-client-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/RPMS /nis-client-2.0-12.i386.rpm


• Caldera eServer 2.3: nis-server-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/RPMS /nis-server-2.0-12.i386.rpm


• Caldera OpenLinux 2.3: nis-client-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/RP MS/nis-client-2.0-12.i386.rpm


• Caldera OpenLinux 2.3: nis-server-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/RP MS/nis-server-2.0-12.i386.rpm


• Debian 2.1 i386 nis_3.5-2.1_i386.deb
  http://security.debian.org/dists/slink/updates/binary-i386/nis_3.5-2.1 _i386.deb


• Debian 2.1 m68k nis_3.5-2.1_m68k.deb
  http://security.debian.org/dists/slink/updates/binary-m68k/nis_3.5-2.1 _m68k.deb


• Debian 2.2 (ppc): nis_3.8-0.1
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/ni s_3.8-0.1_powerpc.deb


• Debian 2.2 (sparc): nis_3.8-0.1
  http://security.debian.org/dists/stable/updates/main/binary-sparc/nis_ 3.8-0.1_sparc.deb


• Debian 2.2 alpha nis_3.8-0.1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/nis_ 3.8-0.1_alpha.deb


• Debian 2.2 arm nis_3.8-0.1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/nis_3. 8-0.1_arm.deb


• Debian 2.2 i386 nis_3.8-0.1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/nis_3 .8-0.1_i386.de


• Red Hat Inc. 5.2 alpha ypbind-3.3-10.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/ypbind-3.3-10.alpha.rpm


• Red Hat Inc. 5.2 sparc ypbind-3.3-10.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/ypbind-3.3-10.sparc.rpm


• Red Hat Inc. 5.x i386 ypbind-3.3-10.i386.rpm
  ftp://updates.redhat.com/5.2/i386/ypbind-3.3-10.i386.rpm


• Red Hat Inc. 6.2 alpha ypbind-1.7-0.6.x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/ypbind-1.7-0.6.x.alpha.rpm


• Red Hat Inc. 6.2 i386 ypbind-1.7-0.6.x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/ypbind-1.7-0.6.x.i386.rpm


• Red Hat Inc. 6.2 sparc ypbind-1.7-0.6.x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/ypbind-1.7-0.6.x.sparc.rpm


• Wirex ypbind-1.7-0.6.x_StackGuard.i386
  http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/ypbind-1.7-0.6. x_StackGuard.i386.rpm