YPServ Remote Network Information Leakage Vulnerability

A remotely exploitable information leakage vulnerability has been discovered in the ypserv daemon. Versions prior to 2.5 are affected.

It has been reported that a remote attacker may be able to access sensitive network information by issuing a malicious NIS request to the ypserv daemon.

Information obtained through exploiting this issue may aid an attacker in launching further attacks against the target network.

It should be noted that this issue may be similar to the issue described in bid 5914.


 

Privacy Statement
Copyright 2010, SecurityFocus