Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: General :: ypbind.htm

Ypbind - run arbitrary code as root



Vulnerability

    ypbind (NIS)

Affected

    ypbind (NIS)

Description

    Following is based on a Debian Security Advisory.  The version  of
    nis as  distributed in  Debian GNU/Linux  2.1 and  2.2 contains an
    ypbind package with a security problem.

    ypbind is used to request  information from a nis server  which is
    then used by the  local machine.  The  logging code in ypbind  was
    vulnerable to a printf formating attack which can be exploited  by
    passing ypbind a carefully crafted  request.  This way ypbind  can
    be made to run arbitrary code as root.

Solution

    This has been  fixed in version  3.5-2.1 for Debian  GNU/Linux 2.1
    and version 3.8-0.1 for Debian GNU/Linux 2.2:

        http://security.debian.org/dists/slink/updates/source/nis_3.5-2.1.diff.gz
        http://security.debian.org/dists/slink/updates/source/nis_3.5-2.1.dsc
        http://security.debian.org/dists/slink/updates/source/nis_3.5.orig.tar.gz
        http://security.debian.org/dists/slink/updates/binary-i386/nis_3.5-2.1_i386.deb
        http://security.debian.org/dists/slink/updates/binary-m68k/nis_3.5-2.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/nis_3.8-0.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/source/nis_3.8-0.1.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/nis_3.8-0.1.dsc
        http://security.debian.org/dists/stable/updates/main/source/nis_3.8.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-arm/nis_3.8-0.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/nis_3.8-0.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/nis_3.8-0.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/nis_3.8-0.1_sparc.deb

    For SuSE:

        SuSE-7.0: ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/ypclient-3.5-89.i386.rpm
                  ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/ypserv-1.3.11-89.src.rpm
                  ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/ypclient-3.5-89.sparc.rpm
                  ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/ypserv-1.3.11-89.src.rpm

        SuSE-6.4: ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/ypclient-3.4-95.i386.rpm
                  ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/ypserv-1.3.11-95.src.rpm
                  ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/ypclient-3.4-95.alpha.rpm
                  ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/ypserv-1.3.11-95.src.rpm
                  ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/ypclient-3.4-95.ppc.rpm
                  ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/ypserv-1.3.11-95.src.rpm

        SuSE-6.3: ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/ypclient-3.4-95.i386.rpm
                  ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/ypserv-1.3.11-95.src.rpm
                  ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/ypclient-3.4-95.alpha.rpm
                  ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/ypserv-1.3.11-95.src.rpm

        SuSE-6.2: ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/ypclient-3.4-95.i386.rpm
                  ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/ypserv-1.3.11-95.src.rpm

        SuSE-6.1 and older: Please see the problem description above.

    For RedHat:

        ftp://updates.redhat.com/5.2/alpha/ypbind-3.3-10.alpha.rpm
        ftp://updates.redhat.com/5.2/sparc/ypbind-3.3-10.sparc.rpm
        ftp://updates.redhat.com/5.2/i386/ypbind-3.3-10.i386.rpm
        ftp://updates.redhat.com/5.2/SRPMS/ypbind-3.3-10.src.rpm
        ftp://updates.redhat.com/6.2/alpha/ypbind-1.7-0.6.x.alpha.rpm
        ftp://updates.redhat.com/6.2/sparc/ypbind-1.7-0.6.x.sparc.rpm
        ftp://updates.redhat.com/6.2/i386/ypbind-1.7-0.6.x.i386.rpm
        ftp://updates.redhat.com/6.2/SRPMS/ypbind-1.7-0.6.x.src.rpm

    For Linux-Mandrake:

        Linux-Mandrake 6.0: 6.0/RPMS/ypbind-3.3-25mdk.i586.rpm
                            6.0/RPMS/ypserv-1.3.9-4mdk.i586.rpm
                            6.0/SRPMS/ypbind-3.3-25mdk.src.rpm
                            6.0/SRPMS/ypserv-1.3.9-4mdk.src.rpm

        Linux-Mandrake 6.1: 6.1/RPMS/ypbind-3.3-25mdk.i586.rpm
                            6.1/RPMS/ypserv-1.3.9-4mdk.i586.rpm
                            6.1/SRPMS/ypbind-3.3-25mdk.src.rpm
                            6.1/SRPMS/ypserv-1.3.9-4mdk.src.rpm

        Linux-Mandrake 7.0: 7.0/RPMS/ypbind-3.3-25mdk.i586.rpm
                            7.0/RPMS/ypserv-1.3.9-4mdk.i586.rpm
                            7.0/SRPMS/ypbind-3.3-25mdk.src.rpm
                            7.0/SRPMS/ypserv-1.3.9-4mdk.src.rpm

        Linux-Mandrake 7.1: 7.1/RPMS/ypbind-3.3-25mdk.i586.rpm
                            7.1/RPMS/ypserv-1.3.9-4mdk.i586.rpm
                            7.1/SRPMS/ypbind-3.3-25mdk.src.rpm
                            7.1/SRPMS/ypserv-1.3.9-4mdk.src.rpm

    Update for  Immunix OS  6.2 (StackGuarded  versions of  the RedHat
    packages) they can be found at:

        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/ypbind-1.7-0.6.x_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/ypbind-1.7-0.6.x_StackGuard.src.rpm

    For Caldera:

    - OpenLinux Desktop 2.3
      ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
      ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
            RPMS/nis-client-2.0-12.i386.rpm
            RPMS/nis-server-2.0-12.i386.rpm
            SRPMS/nis-2.0-12.src.rpm

    - OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
      ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
      ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
            RPMS/nis-client-2.0-12.i386.rpm
            RPMS/nis-server-2.0-12.i386.rpm
            SRPMS/nis-2.0-12.src.rpm

    - OpenLinux eDesktop 2.4
      ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
      ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
            RPMS/nis-client-2.0-12.i386.rpm
            RPMS/nis-server-2.0-12.i386.rpm
            SRPMS/nis-2.0-12.src.rpm

    Trustix released updated package:

        ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ypbind-3.3-29tr.i586.rpm
        http://www.trustix.net/download/Trustix/updates/1.1/RPMS/ypbind-3.3-29tr.i586.rpm


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH