Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Mon, 28 Oct 2002 15:09:40 +0100
From: Daniel Ahlberg <[email protected]>
To: [email protected]
Subject: GLSA: ypserv

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-010
- - --------------------------------------------------------------------

PACKAGE : ypserv
SUMMARY═: information leak
DATE ══ : 2002-10-28 14:10 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS).  A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable.  When a
malicious user could request a non-existing map the server will leak
parts of an old domainname and mapname.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-nds/ypserv-1.3.12 and earlier update their systems as follows:

emerge rsync
emerge ypserv
emerge clean

- - --------------------------------------------------------------------
[email protected] - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vUUjfT7nyhUpoZMRAv7wAJ4hQ2QqPozFTcLkIr3ddJCHwIqiOQCcC89e
CW28lSsCnFemMc4lTReoiao=
=IWUR
-----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: