From aliz@gentoo.org Mon Oct 28 11:23:09 2002
From: Daniel Ahlberg <aliz@gentoo.org>
To: full-disclosure@lists.netsys.com
Date: Mon, 28 Oct 2002 15:09:40 +0100
Subject: [Full-Disclosure] GLSA: ypserv

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-010
- - --------------------------------------------------------------------

PACKAGE : ypserv
SUMMARY : information leak
DATE    : 2002-10-28 14:10 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS).  A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable.  When a
malicious user could request a non-existing map the server will leak
parts of an old domainname and mapname.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-nds/ypserv-1.3.12 and earlier update their systems as follows:

emerge rsync
emerge ypserv
emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vUUjfT7nyhUpoZMRAv7wAJ4hQ2QqPozFTcLkIr3ddJCHwIqiOQCcC89e
CW28lSsCnFemMc4lTReoiao=
=IWUR
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html