Package : nis
Problem type : local exploit
Debian-specific: no
The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2
contains an ypbind package with a security problem.
ypbind is used to request information from a NIS server, which is then
used by the local machine. The logging code in ypbind was vulnerable to a
printf format string attack which can be exploited by passing ypbind a
carefully crafted request. This way ypbind can be made to run arbitrary
code as root.
This has been fixed in version 3.5-2.1 for Debian GNU/Linux 2.1 and
version 3.8-0.1 for Debian GNU/Linux 2.2.
We recommend you upgrade your nis package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
Slink was released for alpha, i386, m68k and sparc. At this moment
security updates for alpha and sparc are no longer being made.
Support for i386 and m68k will continue until the end of this month.
Source archives:
...