Red Hat Security Advisory: security problems with ypserv | Linux Today

Red Hat Security Advisory: security problems with ypserv

Written By
Web Webster
Web Webster
Oct 28, 1999

Date: Thu, 28 Oct 1999 12:35:00 -0400
From: Bill Nottingham <<a
href=”mailto:notting@redhat.com”>notting@redhat.com>


Red Hat, Inc. Security Advisory

Synopsis: security problems with ypserv
Advisory ID: RHSA-1999:046-01
Issue date: 1999-10-27
Updated on: 1999-10-27
Keywords:
Cross references: ypserv yppasswdd rpc.yppasswdd


1. Topic:

The ypserv package, which contains the ypserv NIS server and the
yppasswdd password-change server, has been discovered to have
security holes.

2. Problem description:

With ypserv, local administrators in the NIS domain could
possibly inject password tables. In rpc.yppasswdd, users could
change GECOS and login shells of other users, and there is a buffer
overflow in the md5 hash generation.

It is recommended that all users of the ypserv package upgrade
to the new packages.

3. Bug IDs fixed (http://developer.redhat.com/bugzilla
for more info):

4. Relevant releases/architectures:

Red Hat Linux 4.x, all architectures
Red Hat Linux 5.x, all architectures
Red Hat Linux 6.x, all architectures

5. Obsoleted by:

6. Conflicts with:

7. RPMs required:

Red Hat Linux 4.x:

Intel:
ftp://updates.redhat.com/4.2/i386/ypserv-1.3.9-0.4.2.i386.rpm

Alpha:
ftp://updates.redhat.com/4.2/alpha/ypserv-1.3.9-0.4.2.alpha.rpm

Sparc:
ftp://updates.redhat.com/4.2/sparc/ypserv-1.3.9-0.4.2.sparc.rpm

Source packages:
ftp://updates.redhat.com/4.2/SRPMS/ypserv-1.3.9-0.4.2.src.rpm

Red Hat Linux 5.x:

Intel:
ftp://updates.redhat.com/5.2/i386/ypserv-1.3.9-0.5.2.i386.rpm

Alpha:
ftp://updates.redhat.com/5.2/alpha/ypserv-1.3.9-0.5.2.alpha.rpm

Sparc:
ftp://updates.redhat.com/5.2/sparc/ypserv-1.3.9-0.5.2.sparc.rpm

Source packages:
ftp://updates.redhat.com/5.2/SRPMS/ypserv-1.3.9-0.5.2.src.rpm

Red Hat Linux 6.x:

Intel:
ftp://updates.redhat.com/6.1/i386/ypserv-1.3.9-1.i386.rpm

Alpha:
ftp://updates.redhat.com/6.0/alpha/ypserv-1.3.9-1.alpha.rpm

Sparc:
ftp://updates.redhat.com/6.0/sparc/ypserv-1.3.9-1.sparc.rpm

Source packages:
ftp://updates.redhat.com/6.1/SRPMS/ypserv-1.3.9-1.src.rpm

8. Solution:

For each RPM for your particular architecture, run:
rpm -Uvh ‘filename’
where filename is the name of the RPM.

9. Verification:

MD5 sum Package Name


d384966683e0c59b7c63d2d0fcba79ce ypserv-1.3.9-0.4.2.i386.rpm
e8e860c754e894b955c2ec3e73bcad8d ypserv-1.3.9-0.4.2.alpha.rpm
19cfbc0bf8ef5ed272243d74020b69df ypserv-1.3.9-0.4.2.sparc.rpm
df131f369bfb64d1b093447168484e38 ypserv-1.3.9-0.4.2.src.rpm

51a38316e72f25b6751ade459728f049 ypserv-1.3.9-0.5.2.i386.rpm
65da86b0b61ae70b82a5b3fe17b77803 ypserv-1.3.9-0.5.2.alpha.rpm
2956fc958456d5a91d697043932266bd ypserv-1.3.9-0.5.2.sparc.rpm
dda2d28bb89cddb9ecb4409778a548f9 ypserv-1.3.9-0.5.2.src.rpm

c1a566b7535bb51e25d9c1743f822682 ypserv-1.3.9-1.i386.rpm
a8f5a82d450ddb2b42068537859c18ae ypserv-1.3.9-1.alpha.rpm
6759503c9cc688bcd1902f6511ecc60a ypserv-1.3.9-1.sparc.rpm
f7e8b5a241c4e873822c83be2f0cf566 ypserv-1.3.9-1.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at: http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg

10. References:
<19991024163423.6665A67B0@Galois.suse.de>:


To unsubscribe: mail redhat-watch-list-request@redhat.com
with “unsubscribe” as the Subject.

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.