Red Hat Linux "ypbind" Vulnerability
Privacy and Legal Notice
CIAC INFORMATION BULLETIN
L-009: Red Hat Linux "ypbind" Vulnerability
October 23, 2000 23:00 GMT
PROBLEM: Red Hat has identified a vulnerability in "ypbind".
PLATFORM: Red Hat Linux 5.x and 6.x
DAMAGE: The logging code in "ypbind" is vulnerable to a printf string
format attack that may lead to local root access.
SOLUTION: If not needed remove "ypbind" or apply appropriate patches as
indicated below.
VULNERABILITY Risk is MEDIUM. The vulnerability affects system security and
ASSESSMENT: is publicly known. All systems making use of NIS services are
encouraged to upgrade.
[****** Start Red Hat Security Advisory ******]
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: ypbind for Red Hat Linux 5.x, 6.x has a local root exploit
Advisory ID: RHSA-2000:086-05
Issue date: 2000-10-16
Updated on: 2000-10-23
Product: Red Hat Linux
Keywords: ypbind string format buffer overflow syslog
Cross references: N/A
---------------------------------------------------------------------
1. Topic:
ypbind as shipped in Red Hat Linux 5.x and 6.x is vulnerable to a local
root exploit. All systems making use of NIS services are encouraged to
upgrade.
2. Relevant releases/architectures:
Red Hat Linux 5.0 - i386, alpha, sparc
Red Hat Linux 5.1 - i386, alpha, sparc
Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2EE - i386, alpha, sparc
3. Problem description:
Systems using Network Information Service, or NIS, use a daemon called
ypbind to request information from a NIS server. This information is then
used by the local machine. The logging code in ypbind is vulnerable to a
printf string format attack which an attacker could exploit by passing
ypbind a carefully crafted request. This attack can successfully lead to
local root access.
This problem has been corrected with these new packages.
4. Solution:
If you do not use NIS, you should remove ypbind:
rpm -e ypbind
Otherwise, for each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
You should then make sure that the new ypbind is running by issuing:
/etc/rc.d/init.d/ypbind restart
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
N/A
6. RPMs required:
Red Hat Linux 5.x:
alpha:
ftp://updates.redhat.com/5.2/alpha/ypbind-3.3-10.alpha.rpm
sparc:
ftp://updates.redhat.com/5.2/sparc/ypbind-3.3-10.sparc.rpm
i386:
ftp://updates.redhat.com/5.2/i386/ypbind-3.3-10.i386.rpm
sources:
ftp://updates.redhat.com/5.2/SRPMS/ypbind-3.3-10.src.rpm
Red Hat Linux 6.x:
alpha:
ftp://updates.redhat.com/6.2/alpha/ypbind-1.7-0.6.x.alpha.rpm
sparc:
ftp://updates.redhat.com/6.2/sparc/ypbind-1.7-0.6.x.sparc.rpm
i386:
ftp://updates.redhat.com/6.2/i386/ypbind-1.7-0.6.x.i386.rpm
sources:
ftp://updates.redhat.com/6.2/SRPMS/ypbind-1.7-0.6.x.src.rpm
7. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
507ff0e63468e829b2c917789ba2fedd 5.2/SRPMS/ypbind-3.3-10.src.rpm
127274f9828d27f895e8d8eee8d38db6 5.2/alpha/ypbind-3.3-10.alpha.rpm
7bbf68a42a3c996c6f69b5ffaf2911f7 5.2/i386/ypbind-3.3-10.i386.rpm
3d0cd8b8700182b9b815525e1f99c82d 5.2/sparc/ypbind-3.3-10.sparc.rpm
d8caa439a1b6c7b26f843bacd01c65f8 6.2/SRPMS/ypbind-1.7-0.6.x.src.rpm
3a426e3060d31aa37b2a41d973ac3f63 6.2/alpha/ypbind-1.7-0.6.x.alpha.rpm
411017238af9a0a8891bd3078547336c 6.2/i386/ypbind-1.7-0.6.x.i386.rpm
3beff51d6a0292fd9d50fe24d07097ac 6.2/sparc/ypbind-1.7-0.6.x.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg
8. References:
N/A
Copyright(c) 2000 Red Hat, Inc.
[****** End Red Hat Security Advisory ******]
CIAC wishes to acknowledge the contributions of Red Hat, Inc. for the
information contained in this bulletin.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7 x 24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@llnl.gov
World Wide Web: http://www.ciac.org/
http://ciac.llnl.gov
(same machine -- either one will work)
Anonymous FTP: ftp.ciac.org
ciac.llnl.gov
(same machine -- either one will work)
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
UCRL-MI-119788
[Privacy and Legal Notice]
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
