Debian 2.1: Critical Update for NIS Package Buffer Overflow
debian
December 13, 1999
The nis package that was distributed with Debian GNU/Linux 2.1 has a
couple of problems:
* ypserv allowed any machine in the NIS domain to insert new tables
* rpc.yppasswd had a bu...
Topics Covered
Summary
The nis package that was distributed with Debian GNU/Linux 2.1 has a
couple of problems:
* ypserv allowed any machine in the NIS domain to insert new tables
* rpc.yppasswd had a bufferoverflow in its MD5 code
* rpc.yppasswd allowed users to change the GECOS and loginshell entries
of other users
This has been fixed in version 3.5-2. We recommend you upgrade your nis
package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Source archives:
2.diff.gz
MD5 checksum: 5b41361ce80bd2067c2c40f03ea14ac4
2.dsc
MD5 checksum: 696ad9726555336e8bab482ee8f2f040
MD5 checksum: 368167b1e16eb25ac639935310a26daa
Alpha architecture:
alpha/nis_3.5-2_alpha.deb
MD5 checksum: c0a8066bd00ed4fe10ac4c7294768ede
Intel ia32 architecture:
i386/nis_3.5-2_i386.deb
MD5 checksum: 0cc3b116a4ede4dec99189b9bdb9830a
Motorola 680x0 architecture:
m68k/nis_3.5-2_m68k.deb
MD5 checksum: 5a713462f36bb6faf90d362b...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!