Originally Published: Tuesday, 26 October 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

SuSE releases ypserv advisory.

Several vulnerability exists: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and login shell values of other users.