SuSE: 'ypbind/ypclient' vulnerability

    Date18 Oct 2000
    CategorySuSE
    2711
    Posted ByLinuxSecurity Advisories
    Security problems have been found in the client code of the NIS (Network Information System, aka yp - yellow pages) subsytem.
    
    ______________________________________________________________________________
    
                            SuSE Security Announcement
    
            Package:                ypbind/ypclient
            Announcement-ID:        SuSE-SA:2000:042
            Date:                   Wednesday, October 18th, 2000 19:15 MEST
            Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
            Vulnerability Type:     possible remote root compromise
            Severity (1-10):        8
            SuSE default package:   yes (starting with SuSE-6.4)
            Other affected systems: Linux systems using this NIS implementation
    
        Content of this advisory:
            1) security vulnerability resolved: ypbind/ypclient
               problem description, discussion, solution and upgrade information
            2) pending vulnerabilities, solutions, workarounds
            3) standard appendix (further information)
    
    ______________________________________________________________________________
    
    1)  problem description, brief discussion, solution, upgrade information
    
        Security problems have been found in the client code of the NIS 
        (Network Information System, aka yp - yellow pages) subsytem. 
        SuSE distributions before SuSE-6.1 came with the original ypbind
        program, SuSE-6.2 and later included the ypbind-mt NIS client 
        implementation. ypbind-3.3 (the earlier version) has a format
        string parsing bug if it is run in debug mode, and (discovered
        by Olaf Kirch <This email address is being protected from spambots. You need JavaScript enabled to view it.>) leaks file descriptors under 
        certain circumstances which can lead to a DoS. In addition, 
        ypbind-3.3 may suffer from buffer overflows. 
        ypbind-mt, the software shipped with SuSE distributions starting 
        with SuSE-6.2, suffers from a single format string parsing bug. 
        Some of these bugs could allow remote attackers to execute 
        arbitrary code as root.
        During code audit and testing it turned out that the ypbind-3.x 
        software in the SuSE-6.1 distribution and earlier needs a major
        overhaul to make it work both reliable and secure with respect
        to errors in the code. Basically, this is what happened when 
        Thorsten Kukuk <This email address is being protected from spambots. You need JavaScript enabled to view it.> wrote ypbind-mt from scratch in 1998.
        For the same reason, we are currently unable to produce a working 
        security update package which fixes the known and yet unknown (there
        may be more) problems in the ypclient packages in the SuSE-6.1
        distribution and older.
        The only efficient workaround for the SuSE-6.1 distribution and older
        against these bugs for an untrusted, hostile environment is to upgrade
        to a new distribution base (SuSE-7.0 is recommended) and use the 
        ypclient update packages for this distribution.
        As of today, there is no exploit known to exist in the wild.
    
        For SuSE-6.2 and later distributions we provide update packages as 
        listed below. We recommend to download and install these packages
        on systems that are NIS/yp clients.
        Please note that the sources for the ypclient package are contained
        within the ypserv source rpm.
    
        Download the update package from locations described below and install 
        the package with the command `rpm -Uhv file.rpm'. The md5sum for each
        file is in the line below. You can verify the integrity of the rpm
        files using the command
            `rpm --checksig --nogpg file.rpm',
        independently from the md5 signatures below.
    
    
        i386 Intel Platform:
    
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/ypclient-3.5-89.i386.rpm
          76e4e7f60791db16c5e36fb5dbf60b65
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/ypserv-1.3.11-89.src.rpm
          e2b1dccaec003f54e4ebbdef84d99a10
    
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/ypclient-3.4-95.i386.rpm
          e485ea27264fb9c4f890cdf7605ffa30
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/ypserv-1.3.11-95.src.rpm
          c61c6df2ba1fef2369406b2dcbcd25f1
    
        SuSE-6.3
         ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/ypclient-3.4-95.i386.rpm
          c1a10cc0a3f72242b136be921f9ae0c1
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/ypserv-1.3.11-95.src.rpm
          6f47a880d5e7175dc2b5ff0116d7de4d
    
        SuSE-6.2
         ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/ypclient-3.4-95.i386.rpm
          9050e63cb9f7fac4997968760292a6f1
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/ypserv-1.3.11-95.src.rpm
          7ecfaffd8cdb68f73adfd1d6fd27ed39
    
        SuSE-6.1 and older:
        Please see the problem description above.
    
    
        Sparc Platform:
    
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/ypclient-3.5-89.sparc.rpm
          1a38d25c8647f010e2a9879f28de4adf
        source rpm:
         ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/ypserv-1.3.11-89.src.rpm
          6ba9200e49210f98ca845107b034b981
    
    
    
        AXP Alpha Platform:
    
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/ypclient-3.4-95.alpha.rpm
          6aea95ca27245eb3df72da7596af3321
        source rpm:
         ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/ypserv-1.3.11-95.src.rpm
          a4bf635b9ee4bdefc29b7e6e1cf0cf41
    
        SuSE-6.3
         ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/ypclient-3.4-95.alpha.rpm
          b68f8690b7dc554ac9098c83f9c633cd
        source rpm:
         ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/ypserv-1.3.11-95.src.rpm
          ef0a026d078847d0958118bbbc46b99e
    
    
    
        PPC Power PC Platform:
    
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/ypclient-3.4-95.ppc.rpm
          26080b1443a3daa1de64c876ae36e6f2
        source rpm:
         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/ypserv-1.3.11-95.src.rpm
          4f0904d73c98c8b9737d5ac34b7a4dd5
    
    ______________________________________________________________________________
    
    2)  Pending vulnerabilities in SuSE Distributions and Workarounds:
    
        Another security announcement is following this advisory.
    ______________________________________________________________________________
    
    3)  standard appendix:
    
        SuSE runs two security mailing lists to which any interested party may
        subscribe:
    
        This email address is being protected from spambots. You need JavaScript enabled to view it.
            -   general/linux/SuSE security discussion. 
                All SuSE security announcements are sent to this list.
                To subscribe, send an email to 
                    <This email address is being protected from spambots. You need JavaScript enabled to view it.>.
    
        This email address is being protected from spambots. You need JavaScript enabled to view it.
            -   SuSE's announce-only mailing list.
                Only SuSE's security annoucements are sent to this list.
                To subscribe, send an email to
                    <This email address is being protected from spambots. You need JavaScript enabled to view it.>.
    
        For general information or the frequently asked questions (faq) 
        send mail to:
            <This email address is being protected from spambots. You need JavaScript enabled to view it.> or
            <This email address is being protected from spambots. You need JavaScript enabled to view it.> respectively.
    
        ===============================================
        SuSE's security contact is <This email address is being protected from spambots. You need JavaScript enabled to view it.>.
        ===============================================
    
    Regards,
    Roman Drahtmüller.
    - - -- 
     -                                                                      -
    | Roman Drahtmüller      <This email address is being protected from spambots. You need JavaScript enabled to view it.> //          "Caution: Cape does |
      SuSE GmbH - Security           Phone: //       not enable user to fly."
    | Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
     -                                                                      -
    ______________________________________________________________________________
    
        The information in this advisory may be distributed or reproduced,
        provided that the advisory is not modified in any way.
        SuSE GmbH makes no warranties of any kind whatsoever with respect 
        to the information contained in this security advisory.
    
    Type Bits/KeyID    Date       User ID
    pub  2048/3D25D3D9 1999/03/06 SuSE Security Team <This email address is being protected from spambots. You need JavaScript enabled to view it.>
    
    - -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: 2.6.3i
    
    mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
    BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
    JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
    1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
    P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
    cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
    VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
    yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
    tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
    xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
    Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
    choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
    BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
    v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
    x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
    Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
    MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
    saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
    L0oixF12Cg==
    =pIeS
    - -----END PGP PUBLIC KEY BLOCK-----
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.