The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[linux-security] Unidentified subject!


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Wed, 27 Oct 1999 22:05:30 -0400
From: Bill Nottingham <[email protected]>
To: [email protected]
Subject: [linux-security] Unidentified subject!
Cc: [email protected], [email protected]

---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		security problems with ypserv
Advisory ID:		RHSA-1999:046-01
Issue date:		1999-10-27
Updated on:		1999-10-27	
Ключевые слова:  (найти похожие документы)
Cross references: ypserv yppasswdd rpc.yppasswdd --------------------------------------------------------------------- 1. Topic: The ypserv package, which contains the ypserv NIS server and the yppasswdd password-change server, has been discovered to have security holes. 2. Problem description: With ypserv, local administrators in the NIS domain could possibly inject password tables. In rpc.yppasswdd, users could change GECOS and login shells of other users, and there is a buffer overflow in the md5 hash generation. It is recommended that all users of the ypserv package upgrade to the new packages. 3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 4. Relevant releases/architectures: Red Hat Linux 4.x, all architectures Red Hat Linux 5.x, all architectures Red Hat Linux 6.x, all architectures 5. Obsoleted by: 6. Conflicts with: 7. RPMs required: Red Hat Linux 4.x: Intel: ftp://updates.redhat.com/4.2/i386/ypserv-1.3.9-0.4.2.i386.rpm Alpha: ftp://updates.redhat.com/4.2/alpha/ypserv-1.3.9-0.4.2.alpha.rpm Sparc: ftp://updates.redhat.com/4.2/sparc/ypserv-1.3.9-0.4.2.sparc.rpm Source packages: ftp://updates.redhat.com/4.2/SRPMS/ypserv-1.3.9-0.4.2.src.rpm Red Hat Linux 5.x: Intel: ftp://updates.redhat.com/5.2/i386/ypserv-1.3.9-0.5.2.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha/ypserv-1.3.9-0.5.2.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc/ypserv-1.3.9-0.5.2.sparc.rpm Source packages: ftp://updates.redhat.com/5.2/SRPMS/ypserv-1.3.9-0.5.2.src.rpm Red Hat Linux 6.x: Intel: ftp://updates.redhat.com/6.1/i386/ypserv-1.3.9-1.i386.rpm Alpha: ftp://updates.redhat.com/6.0/alpha/ypserv-1.3.9-1.alpha.rpm Sparc: ftp://updates.redhat.com/6.0/sparc/ypserv-1.3.9-1.sparc.rpm Source packages: ftp://updates.redhat.com/6.1/SRPMS/ypserv-1.3.9-1.src.rpm 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh 'filename' where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------- d384966683e0c59b7c63d2d0fcba79ce ypserv-1.3.9-0.4.2.i386.rpm e8e860c754e894b955c2ec3e73bcad8d ypserv-1.3.9-0.4.2.alpha.rpm 19cfbc0bf8ef5ed272243d74020b69df ypserv-1.3.9-0.4.2.sparc.rpm df131f369bfb64d1b093447168484e38 ypserv-1.3.9-0.4.2.src.rpm 51a38316e72f25b6751ade459728f049 ypserv-1.3.9-0.5.2.i386.rpm 65da86b0b61ae70b82a5b3fe17b77803 ypserv-1.3.9-0.5.2.alpha.rpm 2956fc958456d5a91d697043932266bd ypserv-1.3.9-0.5.2.sparc.rpm dda2d28bb89cddb9ecb4409778a548f9 ypserv-1.3.9-0.5.2.src.rpm c1a566b7535bb51e25d9c1743f822682 ypserv-1.3.9-1.i386.rpm a8f5a82d450ddb2b42068537859c18ae ypserv-1.3.9-1.alpha.rpm 6759503c9cc688bcd1902f6511ecc60a ypserv-1.3.9-1.sparc.rpm f7e8b5a241c4e873822c83be2f0cf566 ypserv-1.3.9-1.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 10. References: <[email protected]> -- ---------------------------------------------------------------------- Please refer to the information about this list as well as general information about Linux security at http://www.aoy.com/Linux/Security. ---------------------------------------------------------------------- To unsubscribe: mail -s unsubscribe [email protected] < /dev/null

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру