• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ypxfrd Local File Disclosure Vulnerability

A vulnerability has been discovered in ypxfrd.

Reportedly, ypxfrd fails to sufficently validate user supplied arguments. This issue could be exploited to disclose arbitrary ypxfrd readable files.

If running as a privileged user, exploiting this issue could allow an attacker to access sensitive files, such as a system's shadow file.

The exact operating system releases that are vulnerable to this issue have not yet been confirmed, but it is assumed that the latest versions are affected.

Under some circumstances, depending on the configuration of the vulnerable system, it may be possible for dbm files to be viewed by a remote attacker.

*** It should be noted that this may be the same issue as bid 5912, but due to conflicting reports, we are treating it as a seperate issue.