Red Hat Security Advisory: ypbind for Red Hat Linux 5.x, 6.x
Oct 23, 2000, 19:40
Date: Mon, 23 Oct 2000 11:55:00 -0400
Red Hat, Inc. Security Advisory
Synopsis: ypbind for Red Hat Linux 5.x, 6.x has a local root exploit
Advisory ID: RHSA-2000:086-05
Issue date: 2000-10-16
Updated on: 2000-10-23
Product: Red Hat Linux
Keywords: ypbind string format buffer overflow syslog
Cross references: N/A
ypbind as shipped in Red Hat Linux 5.x and 6.x is vulnerable to a local root exploit. All systems making use of NIS services are encouraged to upgrade.
2. Relevant releases/architectures:
Red Hat Linux 5.0 - i386, alpha, sparc
3. Problem description:
Systems using Network Information Service, or NIS, use a daemon called ypbind to request information from a NIS server. This information is then used by the local machine. The logging code in ypbind is vulnerable to a printf string format attack which an attacker could exploit by passing ypbind a carefully crafted request. This attack can successfully lead to local root access.
This problem has been corrected with these new packages.
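The class of bug described above, shown as an added example (this is not ypbind's code and not part of the advisory): a logging call that uses untrusted text as the printf-style format, next to the corrected call that passes it as data. The function names and the sample request string are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(3): same "format, ..." calling shape,
   but it writes into buf so the result can be inspected offline. */
static int log_to_buf(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Vulnerable pattern: request text is the format string, so every '%'
   directive in it is interpreted by the formatter. */
int log_request_unsafe(char *buf, size_t n, const char *request)
{
    return log_to_buf(buf, n, request);
}

/* Corrected pattern: constant format, request text is only ever data. */
int log_request_safe(char *buf, size_t n, const char *request)
{
    return log_to_buf(buf, n, "%s", request);
}

/* Audit helper: count directives that would make the formatter fetch an
   argument; "%%" fetches none and is skipped. */
int count_arg_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* literal percent sign */
        else count++;
    }
    return count;
}

int main(void)
{
    const char *request = "domain 100%% ok";   /* constructed sample input */
    char a[64], b[64];
    log_request_unsafe(a, sizeof a, request);
    log_request_safe(b, sizeof b, request);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
}
```

GCC and Clang report the unsafe pattern on real syslog() and printf() calls when code is built with -Wformat -Wformat-security.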
If you do not use NIS, you should remove ypbind:
rpm -e ypbind
Otherwise, for each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
You should then make sure that the new ypbind is running by issuing:
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
6. RPMs required:
Red Hat Linux 5.x:
Red Hat Linux 6.x:
MD5 sum Package Name
507ff0e63468e829b2c917789ba2fedd 5.2/SRPMS/ypbind-3.3-10.src.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
You can verify each package with the following command:
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
Copyright(c) 2000 Red Hat, Inc.