Linux Today: Linux News On Internet Time.

More on LinuxToday

Red Hat Security Advisory: security problems with ypserv

Oct 28, 1999, 18:18 (3 Talkback[s])

Date: Thu, 28 Oct 1999 12:35:00 -0400
From: Bill Nottingham <<a href="">>

Red Hat, Inc. Security Advisory

Synopsis: security problems with ypserv
Advisory ID: RHSA-1999:046-01
Issue date: 1999-10-27
Updated on: 1999-10-27
Cross references: ypserv yppasswdd rpc.yppasswdd

1. Topic:

The ypserv package, which contains the ypserv NIS server and the yppasswdd password-change server, has been discovered to have security holes.

2. Problem description:

With ypserv, local administrators in the NIS domain could possibly inject password tables. In rpc.yppasswdd, users could change GECOS and login shells of other users, and there is a buffer overflow in the md5 hash generation.

It is recommended that all users of the ypserv package upgrade to the new packages.

3. Bug IDs fixed ( for more info):

4. Relevant releases/architectures:

Red Hat Linux 4.x, all architectures
Red Hat Linux 5.x, all architectures
Red Hat Linux 6.x, all architectures

5. Obsoleted by:

6. Conflicts with:

7. RPMs required:

Red Hat Linux 4.x:




Source packages:

Red Hat Linux 5.x:




Source packages:

Red Hat Linux 6.x:




Source packages:

8. Solution:

For each RPM for your particular architecture, run:
rpm -Uvh 'filename'
where filename is the name of the RPM.

9. Verification:

MD5 sum Package Name

d384966683e0c59b7c63d2d0fcba79ce ypserv-1.3.9-0.4.2.i386.rpm
e8e860c754e894b955c2ec3e73bcad8d ypserv-1.3.9-0.4.2.alpha.rpm
19cfbc0bf8ef5ed272243d74020b69df ypserv-1.3.9-0.4.2.sparc.rpm
df131f369bfb64d1b093447168484e38 ypserv-1.3.9-0.4.2.src.rpm

51a38316e72f25b6751ade459728f049 ypserv-1.3.9-0.5.2.i386.rpm
65da86b0b61ae70b82a5b3fe17b77803 ypserv-1.3.9-0.5.2.alpha.rpm
2956fc958456d5a91d697043932266bd ypserv-1.3.9-0.5.2.sparc.rpm
dda2d28bb89cddb9ecb4409778a548f9 ypserv-1.3.9-0.5.2.src.rpm

c1a566b7535bb51e25d9c1743f822682 ypserv-1.3.9-1.i386.rpm
a8f5a82d450ddb2b42068537859c18ae ypserv-1.3.9-1.alpha.rpm
6759503c9cc688bcd1902f6511ecc60a ypserv-1.3.9-1.sparc.rpm
f7e8b5a241c4e873822c83be2f0cf566 ypserv-1.3.9-1.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:
rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg

10. References: <>:

To unsubscribe: mail with "unsubscribe" as the Subject.