---------------------------------------------------------------------

                   Red Hat, Inc. Security Advisory



Synopsis:               security problems with ypserv

Advisory ID:            RHSA-1999:046-01

Issue date:             1999-10-27

Updated on:             1999-10-27      

Keywords:               

Cross references:       ypserv yppasswdd rpc.yppasswdd

---------------------------------------------------------------------



1. Topic:



The ypserv package, which contains the ypserv NIS server

and the yppasswdd password-change server, has been discovered

to have security holes.



2. Problem description:



With ypserv, local administrators in the NIS domain could

possibly inject password tables. In rpc.yppasswdd, users

could change GECOS and login shells of other users, and

there is a buffer overflow in the md5 hash generation.



It is recommended that all users of the ypserv package upgrade

to the new packages.



3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):



4. Relevant releases/architectures:



Red Hat Linux 4.x, all architectures

Red Hat Linux 5.x, all architectures

Red Hat Linux 6.x, all architectures



5. Obsoleted by:



6. Conflicts with:



7. RPMs required:



Red Hat Linux 4.x:



Intel:

  ftp://updates.redhat.com/4.2/i386/ypserv-1.3.9-0.4.2.i386.rpm



Alpha:

  ftp://updates.redhat.com/4.2/alpha/ypserv-1.3.9-0.4.2.alpha.rpm



Sparc:

  ftp://updates.redhat.com/4.2/sparc/ypserv-1.3.9-0.4.2.sparc.rpm



Source packages:

  ftp://updates.redhat.com/4.2/SRPMS/ypserv-1.3.9-0.4.2.src.rpm



Red Hat Linux 5.x:



Intel:

  ftp://updates.redhat.com/5.2/i386/ypserv-1.3.9-0.5.2.i386.rpm



Alpha:

  ftp://updates.redhat.com/5.2/alpha/ypserv-1.3.9-0.5.2.alpha.rpm



Sparc:

  ftp://updates.redhat.com/5.2/sparc/ypserv-1.3.9-0.5.2.sparc.rpm



Source packages:

  ftp://updates.redhat.com/5.2/SRPMS/ypserv-1.3.9-0.5.2.src.rpm



Red Hat Linux 6.x:



Intel:

  ftp://updates.redhat.com/6.1/i386/ypserv-1.3.9-1.i386.rpm



Alpha:

  ftp://updates.redhat.com/6.0/alpha/ypserv-1.3.9-1.alpha.rpm



Sparc:

  ftp://updates.redhat.com/6.0/sparc/ypserv-1.3.9-1.sparc.rpm



Source packages:

  ftp://updates.redhat.com/6.1/SRPMS/ypserv-1.3.9-1.src.rpm



8. Solution:



For each RPM for your particular architecture, run:

    rpm -Uvh 'filename'

where filename is the name of the RPM.



9. Verification:



MD5 sum                           Package Name

--------------------------------------------------------------------------

d384966683e0c59b7c63d2d0fcba79ce  ypserv-1.3.9-0.4.2.i386.rpm

e8e860c754e894b955c2ec3e73bcad8d  ypserv-1.3.9-0.4.2.alpha.rpm

19cfbc0bf8ef5ed272243d74020b69df  ypserv-1.3.9-0.4.2.sparc.rpm

df131f369bfb64d1b093447168484e38  ypserv-1.3.9-0.4.2.src.rpm



51a38316e72f25b6751ade459728f049  ypserv-1.3.9-0.5.2.i386.rpm

65da86b0b61ae70b82a5b3fe17b77803  ypserv-1.3.9-0.5.2.alpha.rpm

2956fc958456d5a91d697043932266bd  ypserv-1.3.9-0.5.2.sparc.rpm

dda2d28bb89cddb9ecb4409778a548f9  ypserv-1.3.9-0.5.2.src.rpm



c1a566b7535bb51e25d9c1743f822682  ypserv-1.3.9-1.i386.rpm

a8f5a82d450ddb2b42068537859c18ae  ypserv-1.3.9-1.alpha.rpm

6759503c9cc688bcd1902f6511ecc60a  ypserv-1.3.9-1.sparc.rpm

f7e8b5a241c4e873822c83be2f0cf566  ypserv-1.3.9-1.src.rpm

 

These packages are GPG signed by Red Hat, Inc. for security.  Our key

is available at:

    http://www.redhat.com/corp/contact.html

 

You can verify each package with the following command:

    rpm --checksig  <filename>



If you only wish to verify that each package has not been corrupted or

tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>



10. References:

<19991024163423.6665A67B0@Galois.suse.de>



-- 

----------------------------------------------------------------------

Please refer to the information about this list as well as general

information about Linux security at http://www.aoy.com/Linux/Security.

----------------------------------------------------------------------



To unsubscribe:

  mail -s unsubscribe linux-security-request@redhat.com < /dev/null