klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
 Posted: Mon Oct 28, 2002 2:37 pm Post subject: [gentoo-announce] GLSA: ypserv |
 |
|
| Daniel Ahlberg wrote: | - - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-010
- - --------------------------------------------------------------------
PACKAGE : ypserv
SUMMARY\240: information leak
DATE \240\240 : 2002-10-28 14:10 UTC
EXPLOIT : remote
- - --------------------------------------------------------------------
Thorsten Kukuck discovered a problem in the ypserv program which is part of the Network Information Services (NIS). A memory leak in all versions of ypserv prior to 2.5 is remotely exploitable. When a malicious user could request a non-existing map the server will leak parts of an old domainname and mapname.
SOLUTION
It is recommended that all Gentoo Linux users who are running net-nds/ypserv-1.3.12 and earlier update their systems as follows:
emerge rsync
emerge ypserv
emerge clean
- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - -------------------------------------------------------------------- |
Mailing List Archive: http://lists.gentoo.org/pipermail/gentoo-announce/2002-October/000228.html
--kurt
_________________
The problem with political jokes is that they get elected |
|
News & Announcements
