• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

YPServ Remote Network Information Leakage Vulnerability

Solution:
This issue has been addressed in the latest release of ypserv. Users are advised to upgrate to ypserv v2.5.

HP has released an advisory for HP Secure OS 1.0, and has recommended users of the operating system apply the fixes described in Red Hat Security Advisory RHSA-2002:223 titled "Updated ypserv packages fixes memory leak".

SCO has made fixes available for Caldera Linux.

Debian has released an advisory. Fixes are available.

Gentoo Linux has released an advisory. Users who have installed net-nds/ypserv-1.3.12 are urged to update systems by issuing the following commands:

emerge rsync
emerge ypserv
emerge clean

Conectiva Linux has released a security advisory containing fixes. Further information can be obtained from the referenced advisory.

Mandrake has release a security advisory containing fixes. Information about obtaining and applying fixes can be found in the referenced advisory.

Sun has released an advisory containing fixes.

Fixes:


Sun Solaris 8

• Sun 109328-03
  http://sunsolve.sun.com

Sun Solaris 2.6_x86

• Sun 108891-02
  http://sunsolve.sun.com

RedHat ypserv-1.3.9-3.i386.rpm

• RedHat ypserv-1.3.9-3.6x.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/ypserv-1.3.9-3.6x.i386.rpm

Sun Solaris 7.0

• Sun 106541-24
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109328&rev=03

RedHat ypserv-2.2-9.i386.rpm

• RedHat ypserv-2.5-2.7x.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/ypserv-2.5-2.7x.i386.rpm

Sun Solaris 9

• Sun 113579-01
  http://sunsolve.sun.com

Sun Solaris 7.0_x86

• Sun 106542-24
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106542&rev=24

Sun Solaris 2.6

• Sun 108890-02
  http://sunsolve.sun.com

Sun Solaris 8_x86

• Sun 109329-03
  http://sunsolve.sun.com

Debian Linux 2.2 powerpc

• Debian nis_3.8-2.1_powerpc.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_powerpc .deb

Debian Linux 2.2

• Debian nis_3.8-2.1.diff.gz
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1.diff.gz


• Debian nis_3.8-2.1.dsc
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1.dsc


• Debian nis_3.8-2.1_i386.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_i386.de b


• Debian nis_3.8.orig.tar.gz
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8.orig.tar.gz

Debian Linux 2.2 arm

• Debian nis_3.8-2.1_arm.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_arm.deb

Debian Linux 2.2 alpha

• Debian nis_3.8-2.1_alpha.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_alpha.d eb

Debian Linux 2.2 sparc

• Debian nis_3.8-2.1_sparc.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_sparc.d eb

Debian Linux 2.2 68k

• Debian nis_3.8-2.1_m68k.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_m68k.de b

Thorsten Kukuk ypserv 2.4

• Debian nis_3.8-2.1.diff.gz
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1.diff.gz


• Debian nis_3.8-2.1.dsc
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1.dsc


• Debian nis_3.8-2.1_alpha.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_alpha.d eb


• Debian nis_3.8-2.1_arm.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_arm.deb


• Debian nis_3.8-2.1_i386.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_i386.de b


• Debian nis_3.8-2.1_m68k.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_m68k.de b


• Debian nis_3.8-2.1_powerpc.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_powerpc .deb


• Debian nis_3.8-2.1_sparc.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_sparc.d eb


• Debian nis_3.8.orig.tar.gz
  http://security.debian.org/pool/updates/main/n/nis/nis_3.8.orig.tar.gz


• Debian nis_3.9-6.1.diff.gz
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1.diff.gz


• Debian nis_3.9-6.1.dsc
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1.dsc


• Debian nis_3.9-6.1_alpha.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_alpha.d eb


• Debian nis_3.9-6.1_arm.deb
  Debian GNU/Linux 3.0
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_arm.deb


• Debian nis_3.9-6.1_hppa.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_hppa.de b


• Debian nis_3.9-6.1_hppa.deb
  Debian GNU/Linux 3.0
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_hppa.de b


• Debian nis_3.9-6.1_i386.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_i386.de b


• Debian nis_3.9-6.1_i386.deb
  Debian GNU/Linux 3.0
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_i386.de b


• Debian nis_3.9-6.1_ia64.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_ia64.de b


• Debian nis_3.9-6.1_m68k.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_m68k.de b


• Debian nis_3.9-6.1_mips.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_mips.de b


• Debian nis_3.9-6.1_mipsel.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_mipsel. deb


• Debian nis_3.9-6.1_powerpc.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_powerpc .deb


• Debian nis_3.9-6.1_s390.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_s390.de b


• Debian nis_3.9-6.1_sparc.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_sparc.d eb


• Debian nis_3.9.orig.tar.gz
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9.orig.tar.gz

Debian Linux 3.0 s/390

• Debian nis_3.9-6.1_s390.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_s390.de b

Debian Linux 3.0 alpha

• Debian nis_3.9-6.1_alpha.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_alpha.d eb

Debian Linux 3.0 mips

• Debian nis_3.9-6.1_mips.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_mips.de b

Debian Linux 3.0 mipsel

• Debian nis_3.9-6.1_mipsel.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_mipsel. deb

Debian Linux 3.0 m68k

• Debian nis_3.9-6.1_m68k.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_m68k.de b

Debian Linux 3.0 hppa

• Debian nis_3.9-6.1_hppa.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_hppa.de b

Debian Linux 3.0 arm

• Debian nis_3.9-6.1_arm.deb
  Debian GNU/Linux 3.0
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_arm.deb

Debian Linux 3.0 sparc

• Debian nis_3.9-6.1_sparc.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_sparc.d eb

Debian Linux 3.0 ia-64

• Debian nis_3.9-6.1_ia64.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_ia64.de b

Debian Linux 3.0 ppc

• Debian nis_3.9-6.1_powerpc.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_powerpc .deb

Debian Linux 3.0

• Debian nis_3.9-6.1.diff.gz
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1.diff.gz


• Debian nis_3.9-6.1.dsc
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1.dsc


• Debian nis_3.9-6.1_i386.deb
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_i386.de b


• Debian nis_3.9.orig.tar.gz
  http://security.debian.org/pool/updates/main/n/nis/nis_3.9.orig.tar.gz

Caldera OpenLinux Server 3.1

• Caldera nis-client-2.0-23.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-054.0/RPM S/nis-client-2.0-23.i386.rpm


• Caldera nis-server-2.0-23.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-054.0/RPM S/nis-server-2.0-23.i386.rpm

Caldera OpenLinux Workstation 3.1

• Caldera nis-client-2.0-23.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-054. 0/RPMS/nis-client-2.0-23.i386.rpm

Caldera OpenLinux Server 3.1.1

• Caldera nis-client-2.0-23.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-054.0/R PMS/nis-client-2.0-23.i386.rpm


• Caldera nis-server-2.0-23.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-054.0/R PMS/nis-server-2.0-23.i386.rpm

Caldera OpenLinux Workstation 3.1.1

• Caldera nis-client-2.0-23.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-05 4.0/RPMS/nis-client-2.0-23.i386.rpm

Conectiva Linux 6.0

• Conectiva ypserv-1.3.11-4U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ypserv-1.3.11-4U60_1cl.i3 86.rpm


• Conectiva ypserv-1.3.11-4U60_1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/ypserv-1.3.11-4U60_1cl.s rc.rpm

RedHat Linux 6.2

• RedHat ypserv-1.3.9-3.6x.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/ypserv-1.3.9-3.6x.alpha.rpm


• RedHat ypserv-1.3.9-3.6x.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/ypserv-1.3.9-3.6x.i386.rpm


• RedHat ypserv-1.3.9-3.6x.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/ypserv-1.3.9-3.6x.sparc.rpm

Conectiva Linux 7.0

• Conectiva ypserv-1.3.12-4U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ypserv-1.3.12-4U70_1cl.i3 86.rpm


• Conectiva ypserv-1.3.12-4U70_1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/ypserv-1.3.12-4U70_1cl.s rc.rpm

RedHat Linux 7.0

• RedHat ypserv-1.3.9-3.6x.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/ypserv-1.3.9-3.6x.sparc.rpm


• RedHat ypserv-2.5-2.7x.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/ypserv-2.5-2.7x.alpha.rpm


• RedHat ypserv-2.5-2.7x.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/ypserv-2.5-2.7x.i386.rpm

RedHat Linux 7.1

• RedHat ypserv-2.5-2.7x.alpha.rpm
  ftp://updates.redhat.com/7.1/en/os/alpha/ypserv-2.5-2.7x.alpha.rpm


• RedHat ypserv-2.5-2.7x.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/ypserv-2.5-2.7x.i386.rpm


• RedHat ypserv-2.5-2.7x.ia64.rpm
  ftp://updates.redhat.com/7.1/en/os/ia64/ypserv-2.5-2.7x.ia64.rpm

MandrakeSoft Linux Mandrake 7.2

• MandrakeSoft ypserv-1.3.12-3.2mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php

RedHat Linux 7.2

• RedHat ypserv-2.5-2.7x.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/ypserv-2.5-2.7x.i386.rpm


• RedHat ypserv-2.5-2.7x.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/ypserv-2.5-2.7x.ia64.rpm

RedHat Linux 7.3

• RedHat ypserv-2.5-2.7x.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/ypserv-2.5-2.7x.i386.rpm

MandrakeSoft Linux Mandrake 8.0 ppc

• MandrakeSoft ypserv-1.3.12-3.2mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php

Conectiva Linux 8.0

• Conectiva ypserv-1.3.12-4U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ypserv-1.3.12-4U80_1cl.i386 .rpm


• Conectiva ypserv-1.3.12-4U80_1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/8/SRPMS/ypserv-1.3.12-4U80_1cl.src .rpm

MandrakeSoft Linux Mandrake 8.0

• MandrakeSoft ypserv-1.3.12-3.2mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 8.1 ia64

• MandrakeSoft ypserv-1.3.12-3.2mdk.ia64.rpm
  http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 8.1

• MandrakeSoft ypserv-1.3.12-3.2mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 8.2

• MandrakeSoft ypserv-2.5-1.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 8.2 ppc

• MandrakeSoft ypserv-2.5-1.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 9.0

• MandrakeSoft ypserv-2.5-1.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php