MDKSA-2000:064

Package name

ypserv

Date

2000-10-23

Advisory ID

MDKSA-2000:064

Affected versions

6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

A format string parsing bug exists in ypbind 3.3 if it is run in debug mode which leaks file descriptors under certain circumstances which can lead to a DoS. In addition, ypbind may suffer from buffer overflows. In the ypserv program, a buffer overflow and format bug exist if the build system does not have vsyslog() or if configure fails to detect it. Both vulnerabilities were discovered by Olaf Kirch .

Updated packages

6.1 i586

 e4432a5714fb995ea6c272206eff8f40  6.1/RPMS/ypbind-3.3-25mdk.i586.rpm
e7cbe8440877516c8b5dec04ca6429da  6.1/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696  6.1/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3  6.1/SRPMS/ypserv-1.3.9-4mdk.src.rpm

6.0 i586

 c94e16fe0699ef929c231e9dc02f8416  6.0/RPMS/ypbind-3.3-25mdk.i586.rpm
09c51e63bd71a9ef94d6f6abffad2698  6.0/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696  6.0/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3  6.0/SRPMS/ypserv-1.3.9-4mdk.src.rpm

7.0 i586

 52dcef1933b60d109d752965e9ea0789  7.0/RPMS/ypbind-3.3-25mdk.i586.rpm
bea6a3029a09a7e8e291d742c5d4c08f  7.0/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696  7.0/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3  7.0/SRPMS/ypserv-1.3.9-4mdk.src.rpm

7.1 i586

 4ca3ef370ecb639c7d8d62900e2f9482  7.1/RPMS/ypbind-3.3-25mdk.i586.rpm
dd943d35562464810c88bceb02d3ee76  7.1/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696  7.1/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3  7.1/SRPMS/ypserv-1.3.9-4mdk.src.rpm