Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
89
security advisorycriticalsoftware updateFedora Core 4: 2005-482 Critical Update for ypserv Crash Issue Fix
Fix crash with ypxfr caused by failing to zero out data.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-482 2005-07-20 ---------------------------------------------------------------------Product : Fedora Core 4 Name : ypserv Version : 2.13 Release : 7 Summary : The NIS (Network Information Service) server. Description : The Network Information Service (NIS) is a system that provides network information (login names, passwords, home directories, group information) to all of the machines on a network. NIS can allow users to log in on any machine on the network, as long as the machine has the NIS client programs running and the user's password is recorded in the NIS passwd database. NIS was formerly known as Sun Yellow Pages (YP). This package provides the NIS server, which will need to be running on your network. NIS clients do not need to be running the server. Install ypserv if you need an NIS server for your network. You also need to install the yp-tools and ypbind packages on any NIS client machines. ---------------------------------------------------------------------* Thu Jun 23 2005 Chris Feist - 2.13-7 - Fix crash with ypxfr caused by failing to zero out data (bz #161217) ---------------------------------------------------------------------This update can be downloaded from: 3f6ad6767aea0f1a70a40760bc25e7a5 SRPMS/ypserv-2.13-7.src.rpm bfc87555e39a36a511bda8cc2d46f70c ppc/ypserv-2.13-7.ppc.rpm 9be5bc10b9f7e92365b4a99534dd8c22 ppc/debug/ypserv-debuginfo-2.13-7.ppc.rpm d5b07b9905dc0eea17b2972b4776afd6 x86_64/ypserv-2.13-7.x86_64.rpm bebae1bd5b3215bd9c1149b3146110ed x86_64/debug/ypserv-debuginfo-2.13-7.x86_64.rpm c511dcd1043e36e04a3d8869e9282b51 i386/ypserv-2.13-7.i386.rpm 7d1b993e51b5ea8201a386826e2940f8 i386/debug/ypserv-debuginfo-2.13-7.i386.rpm This update can also be installed with the Update Agent; you can launch theUpdate Agent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list
Jul 20, 2005
•Critical
Fedora
91
security advisorydenial of servicegentooGentoo: 200401-06 Critical Vulnerability in ypserv Causes Remote DoS
ypserv NIS server before 2.7 allows remote attackers to cause a denialof service via a TCP client request that does not respond to the server,which causes ypserv to block.. - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200307-04 - - --------------------------------------------------------------------- PACKAGE : ypserv SUMMARY : denial of service DATE : 2003-07-11 14:27 UTC EXPLOIT : remote VERSIONS AFFECTED : =ypserv-2.8 CVE : CAN-2003-0251 - - --------------------------------------------------------------------- quote from CVE: "ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block." SOLUTION It is recommended that all Gentoo Linux users who are running net-nds/ypserv upgrade to ypserv-2.8 as follows emerge sync emerge ypserv emerge clean - - ---------------------------------------------------------------------
Jul 11, 2003
•Critical
Gentoo
98
security advisoryRed Hat LinuxmoderateRed Hat Linux 7.1 RHSA-2003:173-01 Moderate: ypserv DoS Exploit
A vulnerability has been discovered in the ypserv NIS server prior to version 2.7.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated ypserv packages fix a denial of service vulnerability Advisory ID: RHSA-2003:173-01 Issue date: 2003-06-25 Updated on: 2003-06-25 Product: Red Hat Linux Keywords: NIS ypserver DOS Cross references: Obsoletes: CVE Names: CAN-2003-0251 - --------------------------------------------------------------------- 1. Topic: Updated ypserv packages fixing a denial of service vulnerability are now available. 2. Relevant releases/architectures: Red Hat Linux 7.1 - i386 Red Hat Linux 7.2 - i386, ia64 Red Hat Linux 7.3 - i386 Red Hat Linux 8.0 - i386 Red Hat Linux 9 - i386 3. Problem description: The ypserv package contains the Network Information Service (NIS) server. A vulnerability has been discovered in the ypserv NIS server prior to version 2.7. If a malicious client queries ypserv via TCP and subsequently ignores the server's response, ypserv will block attempting to send the reply. This results in ypserv failing to respond to other client requests. Versions 2.7 and above of ypserv have been altered to fork a child for each client request, thus preventing any one request from causing the server to block. Red Hat recommends that users of NIS upgrade to these packages, which contain version 2.8.0 of ypserv and are therefore not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your currentdirectory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. RPMs required: Red Hat Linux 7.1: SRPMS: i386: Red Hat Linux 7.2: SRPMS: i386: ia64: Red Hat Linux 7.3: SRPMS: i386: Red Hat Linux 8.0: SRPMS: i386: Red Hat Linux 9: SRPMS: i386: 6. Verification: MD5 sum Package Name - -------------------------------------------------------------------------- db17bee9fdb6d553dbb57850abff456a 7.1/en/os/SRPMS/ypserv-2.8-0.72E.src.rpm a51f5a9adf6ff4f255678e7407982a7e 7.1/en/os/i386/ypserv-2.8-0.72E.i386.rpm db17bee9fdb6d553dbb57850abff456a 7.2/en/os/SRPMS/ypserv-2.8-0.72E.src.rpm a51f5a9adf6ff4f255678e7407982a7e 7.2/en/os/i386/ypserv-2.8-0.72E.i386.rpm c300d319d7e883d5197b63f2e23fec88 7.2/en/os/ia64/ypserv-2.8-0.72E.ia64.rpm c1977878cc0c0f90a9d55a4ae3b3bfe3 7.3/en/os/SRPMS/ypserv-2.8-0.73E.src.rpm 4af8d607cf8ba600288b5a5f164bf2f6 7.3/en/os/i386/ypserv-2.8-0.73E.i386.rpm a606ee4aedc08cf7065e39d79b5e7474 8.0/en/os/SRPMS/ypserv-2.8-0.80E.src.rpm 9b72853f34de52966ff929218d1948bf 8.0/en/os/i386/ypserv-2.8-0.80E.i386.rpm 158b6b1ea17e996f2909ed98e444d683 9/en/os/SRPMS/ypserv-2.8-0.9E.src.rpm 86be6a349c1770893c6965611e29dc70 9/en/os/i386/ypserv-2.8-0.9E.i386.rpm These packages are GPG signed by Red Hat for security. Our key is available from Product Signing Keys - Red Hat Customer Portal You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum 7. References: CVE -CVE-2003-0251 8. Contact: The Red Hat security contact is . Morecontact details at All Red Hat products Copyright 2003 Red Hat, Inc. . Red Hat's ypserv update tackles denial of service vulnerabilities affecting NIS servers, enhancing input validation, rate limiting, and logging for better security. Red Hat Security Update, NIS Server Patch, ypserv DoS. . LinuxSecurity.com Team
Jun 25, 2003
Red Hat
98
security advisoryred hatcriticalRed Hat 6.x and 7.x RHSA-2002:223-07 Critical Ypserv Memory Leak
When someone requests a map that doesn't exist, a previous mapname may be leaked. Repeated runs will result in the yp server using more and more memory, and running more slowly. It could also result in ypserv being killed due to the system being out of memory.. --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated ypserv packages fixes memory leak Advisory ID: RHSA-2002:223-07 Issue date: 2002-10-08 Updated on: 2002-10-24 Product: Red Hat Linux Keywords: ypserv memory leak Cross references: Obsoletes: CVE Names: CAN-2002-1232 --------------------------------------------------------------------- 1. Topic: Updated ypserv packages which fix a memory leak are now available for Red Hat Linux 7.x and 6.2. 2. Relevant releases/architectures: Red Hat Linux 6.2 - alpha, i386, sparc Red Hat Linux 7.0 - alpha, i386 Red Hat Linux 7.1 - alpha, i386, ia64 Red Hat Linux 7.2 - i386, ia64 Red Hat Linux 7.3 - i386 3. Problem description: ypserv is an NIS authentication server. ypserv versions before 2.5 contain a memory leak that can be triggered remotely. When someone requests a map that doesn't exist, a previous mapname may be leaked. This happens, for instance, if you run "ypmatch foo aaaaaaaaaaaaaaaaaaaa". Repeated runs will result in the yp server using more and more memory, and running more slowly. It could also result in ypserv being killed due to the system being out of memory. This errata updates Red Hat Linux 7.x to ypserv version 2.5 which doesn't have the memory leak, and updates Red Hat Linux 6.x to a patched version of ypserv that doesn't have the memory leak. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMswhich are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. RPMs required: Red Hat Linux 6.2: SRPMS: alpha: i386: sparc: Red Hat Linux 7.0: SRPMS: alpha: i386: Red Hat Linux 7.1: SRPMS: alpha: i386: ia64: Red Hat Linux 7.2: SRPMS: i386: ia64: Red Hat Linux 7.3: SRPMS: i386: 6. Verification: MD5 sum Package Name -------------------------------------------------------------------------- ccd7373767c66d1f33969376283bdaf3 6.2/en/os/SRPMS/ypserv-1.3.9-3.6x.src.rpm 0a206ef1852e6925001b1162af18f592 6.2/en/os/alpha/ypserv-1.3.9-3.6x.alpha.rpm d63f8bbf7e3ac74069cb6e69545b5311 6.2/en/os/i386/ypserv-1.3.9-3.6x.i386.rpm 295c8ced6b5b2cb9f33564d9405922c6 6.2/en/os/sparc/ypserv-1.3.9-3.6x.sparc.rpm 37be9d1ee5505ff395d5a521cacedc83 7.0/en/os/SRPMS/ypserv-2.5-2.7x.src.rpm 6aa1e1c525e6dcc3739e95a7cea3f18c 7.0/en/os/alpha/ypserv-2.5-2.7x.alpha.rpm 598182855e18bcfe501bffdefacc26bf 7.0/en/os/i386/ypserv-2.5-2.7x.i386.rpm 37be9d1ee5505ff395d5a521cacedc83 7.1/en/os/SRPMS/ypserv-2.5-2.7x.src.rpm 6aa1e1c525e6dcc3739e95a7cea3f18c 7.1/en/os/alpha/ypserv-2.5-2.7x.alpha.rpm 598182855e18bcfe501bffdefacc26bf 7.1/en/os/i386/ypserv-2.5-2.7x.i386.rpm 0f4ff96fb026fb33d96c7c9030dcf037 7.1/en/os/ia64/ypserv-2.5-2.7x.ia64.rpm 37be9d1ee5505ff395d5a521cacedc83 7.2/en/os/SRPMS/ypserv-2.5-2.7x.src.rpm 598182855e18bcfe501bffdefacc26bf 7.2/en/os/i386/ypserv-2.5-2.7x.i386.rpm 0f4ff96fb026fb33d96c7c9030dcf0377.2/en/os/ia64/ypserv-2.5-2.7x.ia64.rpm 37be9d1ee5505ff395d5a521cacedc83 7.3/en/os/SRPMS/ypserv-2.5-2.7x.src.rpm 598182855e18bcfe501bffdefacc26bf 7.3/en/os/i386/ypserv-2.5-2.7x.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum 7. References: CVE -CVE-2002-1232 Copyright(c) 2000, 2001, 2002 Red Hat, Inc. . Addressing the ypbind memory issue in CentOS for improved system performance and security. Immediate updates essential.. ypserv Memory Leak Patch, Red Hat Updates, Security Advisories, Memory Exploitation Mitigation. . Severity: Critical. LinuxSecurity.com Team
Oct 24, 2002
•Critical
Red Hat
87
security advisorybuffer overflowcriticalDebian 2.1: Critical Update for NIS Package Buffer Overflow
The nis package that was distributed with Debian GNU/Linux 2.1 has a couple of problems: * ypserv allowed any machine in the NIS domain to insert new tables * rpc.yppasswd had a bufferoverflow in its MD5 code * rpc.yppasswd allowed users to change the GECOS and loginshell entries of other users . -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory
Dec 13, 1999
•Critical
Debian
100
security advisorybuffer overflowcriticalSuSE: 1999-001 Critical: ypserv Buffer Overflow And Injection Risk
The package ypserv is the former "yellow pages", now called NIS information service, which is used for e.g. central network user account management. Several vulnerability exists: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and login shell values of other users. . ______________________________________________________________________________ SuSE Security Announcement Package: ypserv prior 1.3.9 Date: Tue Sep 28 08:38:50 CEST 1999 Affected: all linux distributions using the ypserv package ______________________________________________________________________________ A security hole was discovered in the package mentioned above. Please update as soon as possible or disable the service if you are using this software on your SuSE Linux installation(s). Other Linux distributions or operating systems might be affected as well, please contact your vendor for information about this issue. Please note, that that we provide this information on "as-is" basis only. There is no warranty whatsoever and no liability for any direct, indirect or incidental damage arising from this information or the installation of the update package. _____________________________________________________________________________ 1. Problem Description The package ypserv is the former "yellow pages", now called NIS information service, which is used for e.g. central network user account management. Several vulnerability exists: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and loginshell values of other users. 2. Impact If administrator access to one server in the NIS domain is compromised, access to the whole domain can be achieved. On some linux distributions other than SuSE, The rpc.yppasswdd service may halt unexpectedly. It is theoretically possible to execute arbitary code on these systems too. User information can be changed and restricted accounts opened. 3. Solution Updated the package from our FTP server. ______________________________________________________________________________ Here are the md5 checksums of the upgrade packages, please verify these before installing the new packages: abe34d8d1831550059b3fad160fe41f5 ypserv-1.3.9-0.i386.rpm (6.1) 6937d10896d2b5beb18471491ca57781 ypserv-1.3.9-0.alpha.rpm (AXP) 19472f128099cb1e311f2db247acd39f ypserv-1.3.9-0.i386.rpm (6.2) For SuSE 6.0 users: please use the 6.1 version. ______________________________________________________________________________ You will find the update on our ftp-Server: Webpage for patches: https://www.suse.com/de-de/ or try the following web pages for a list of mirrors: https://www.suse.com/de-de/ ______________________________________________________________________________ . A significant vulnerability in ypserv earlier than version 1.3.9 necessitates immediate patches or disabling of the service to avert potential exploitation.. ypserv Vulnerability,NIS Security,Linux Access Management,Buffer Overflow Risk. . Severity: Critical. LinuxSecurity.com Team
Dec 08, 1999
•Critical
SuSE
98
security advisoryRed Hatbuffer overflowRed Hat 6.1 RHSA-1999:046-01 Critical: Ypserv Buffer Overflow Risk
The ypserv package, which contains the ypserv NIS server and the yppasswdd password-change server, has been discovered to have security holes. . Red Hat, Inc. Security Advisory Package ypserv Synopsis security problems with ypserv Advisory ID RHSA-1999:046-01 Issue Date 1999-10-27 Updated on 1999-10-27 Keywords ypserv yppasswdd rpc.yppasswdd 1. Topic: The ypserv package, which contains the ypserv NIS server and the yppasswdd password-change server, has been discovered to have security holes. 2. Problem description: With ypserv, local administrators in the NIS domain could possibly inject password tables. In rpc.yppasswdd, userscould change GECOS and login shells of other users, and there is a buffer overflow in the md5 hash generation. It is recommended that all users of the ypserv package upgrade to the new packages. 3. Bug IDs fixed: (see bugzilla for more information) 4. Relevant releases/architectures: Red Hat Linux 6.1, all architectures 5. Obsoleted by: None 6. Conflicts with: None 7. RPMs required: Intel: Alpha: SPARC: Source: 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh filename where filename is the name of the RPM. 9. Verification: MD5 sum Package Name ------------------------------------------------------------------------- c1a566b7535bb51e25d9c1743f822682 ypserv-1.3.9-1.i386.rpm a8f5a82d450ddb2b42068537859c18ae ypserv-1.3.9-1.alpha.rpm 6759503c9cc688bcd1902f6511ecc60a ypserv-1.3.9-1.sparc.rpm f7e8b5a241c4e873822c83be2f0cf566 ypserv-1.3.9-1.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: .html You can verifyeach package with the following command: rpm --checksig filename If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename Note that you need RPM > = 3.0 to check GnuPG keys. 10. References:
Dec 07, 1999
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!