|
Family: Debian Local Security Checks --> Category: infos
[DSA180] DSA-180-1 nis Vulnerability Scan
Vulnerability Scan Summary DSA-180-1 nis
Detailed Explanation for this Vulnerability Test
Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS). A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable. When a
malicious user could request a non-existing map the server will leak
parts of an old domainname and mapname.
This problem has been fixed in version 3.9-6.1 for the current stable
distribution (woody), in version 3.8-2.1 for the old stable
distribution (potato) and in version 3.9-6.2 for the unstable
distribution (sid).
We recommend that you upgrade your nis package.
Solution : http://www.debian.org/security/2002/dsa-180
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|