Lucene search

K
osvGoogleOSV:DSA-180
HistoryOct 21, 2002 - 12:00 a.m.

nis - information leak

2002-10-2100:00:00
Google
osv.dev
10

EPSS

0.037

Percentile

91.9%

Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS). A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable. When a
malicious user could request a non-existing map the server will leak
parts of an old domainname and mapname.

This problem has been fixed in version 3.9-6.1 for the current stable
distribution (woody), in version 3.8-2.1 for the old stable
distribution (potato) and in version 3.9-6.2 for the unstable
distribution (sid).

We recommend that you upgrade your nis package.

EPSS

0.037

Percentile

91.9%