MDKSA-2003:072

Package name

ypserv

Date

2003-06-27

Advisory ID

MDKSA-2003:072

Affected versions

8.2 i586 , CS2.1 i586 , 8.2 i586 , 9.0 i586 , CS2.1 x86_64

Problem description

A vulnerability was found in versions of ypserv prior to version 2.7. If a malicious client were to query ypserv via TCP and subsequently ignore the server's response, ypserv will block attempting to send the reply. The result is that ypserv will fail to respond to other client requests. ypserv 2.7 and above have been altered to fork a child for each client request, which prevents any one request from causing the server to block.

Updated packages

8.2 i586

 234b379b94c17856c12f14a0ba51c00d  ppc/8.2/RPMS/ypserv-2.8-1.1mdk.ppc.rpm
136a45e21de7bb41301c103c5a192ddb  ppc/8.2/SRPMS/ypserv-2.8-1.1mdk.src.rpm

CS2.1 i586

 18a65b2a2cf94da05475a1d8350c0f81  corporate/2.1/RPMS/ypserv-2.8-1.1mdk.i586.rpm
136a45e21de7bb41301c103c5a192ddb  corporate/2.1/SRPMS/ypserv-2.8-1.1mdk.src.rpm

8.2 i586

 8bb9bdd63ddac248fa487459ffd49af1  8.2/RPMS/ypserv-2.8-1.1mdk.i586.rpm
136a45e21de7bb41301c103c5a192ddb  8.2/SRPMS/ypserv-2.8-1.1mdk.src.rpm

9.0 i586

 18a65b2a2cf94da05475a1d8350c0f81  9.0/RPMS/ypserv-2.8-1.1mdk.i586.rpm
136a45e21de7bb41301c103c5a192ddb  9.0/SRPMS/ypserv-2.8-1.1mdk.src.rpm

CS2.1 x86_64

 e47cdbc94ced265da0fd1613c5f103be  x86_64/corporate/2.1/RPMS/ypserv-2.8-1.1mdk.x86_64.rpm
136a45e21de7bb41301c103c5a192ddb  x86_64/corporate/2.1/SRPMS/ypserv-2.8-1.1mdk.src.rpm

References

• http://www.linux-nis.org/nis/ypserv/ChangeLog
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0251