Linux ypbind Local Format String Vulnerability
BID:1824
Info
| Bugtraq ID: | 1824 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 14 2000 12:00AM |
| Updated: | Oct 14 2000 12:00AM |
| Credit: | First made public in a Debian advisory posted to Bugtraq on Oct 14, 2000. |
| Vulnerable: | Swen Thuemmler ypbind 3.3 |
| Not Vulnerable: | Swen Thuemmler ypbind 3.8 -0.1; Swen Thuemmler ypbind 3.5 -2.1 |
Discussion
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
RedHat and Debian have both released patches for this vulnerability. S.u.S.E. users should refer to a different vulnerability, BID: 1820 for patch information.
Mandrake Linux:
You can download the updates listed below directly from:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates
Or try one of the other mirrors listed at:
http://www.linux-mandrake.com/en/ftp.php3.
Updates:
Linux-Mandrake 6.0:
c94e16fe0699ef929c231e9dc02f8416 6.0/RPMS/ypbind-3.3-25mdk.i586.rpm
09c51e63bd71a9ef94d6f6abffad2698 6.0/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696 6.0/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3 6.0/SRPMS/ypserv-1.3.9-4mdk.src.rpm
Linux-Mandrake 6.1:
e4432a5714fb995ea6c272206eff8f40 6.1/RPMS/ypbind-3.3-25mdk.i586.rpm
e7cbe8440877516c8b5dec04ca6429da 6.1/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696 6.1/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3 6.1/SRPMS/ypserv-1.3.9-4mdk.src.rpm
Linux-Mandrake 7.0:
52dcef1933b60d109d752965e9ea0789 7.0/RPMS/ypbind-3.3-25mdk.i586.rpm
bea6a3029a09a7e8e291d742c5d4c08f 7.0/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696 7.0/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3 7.0/SRPMS/ypserv-1.3.9-4mdk.src.rpm
Linux-Mandrake 7.1:
4ca3ef370ecb639c7d8d62900e2f9482 7.1/RPMS/ypbind-3.3-25mdk.i586.rpm
dd943d35562464810c88bceb02d3ee76 7.1/RPMS/ypserv-1.3.9-4mdk.i586.rpm
9d4a59b36fb30f28ab78745fd30e5696 7.1/SRPMS/ypbind-3.3-25mdk.src.rpm
e8d779c42a6d36bd431e6b1fe7ded7d3 7.1/SRPMS/ypserv-1.3.9-4mdk.src.rpm
Trustix recently released several updated packages:
RedHat
iputils: Fixes several problems in ping including a buffer overflow.
gnupg: Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg.
ypbind: Local root exploit. Linux ypbind
Users of TSL 1.0x and 1.1 that worry about local security should
definitely upgrade.
MD5sums:
9e2bbf3ddd728da4cbab3ece1ba390b7 gnupg-1.0.4-2tr.i586.rpm
43d503eb306f202c794ca064980574ad iputils-20001011-1tr.i586.rpm
8625657f6edea52b88e0cff1dfff4bb4 ypbind-3.3-29tr.i586.rpm
Get them at:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ or
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
Swen Thuemmler ypbind 3.3
- Caldera eDesktop 2.4: nis-client-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/RPMS/nis-client-2.0-12.i386.rpm
- Caldera eDesktop 2.4: nis-server-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/RPMS/nis-server-2.0-12.i386.rpm
- Caldera eServer 2.3: nis-client-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/RPMS/nis-client-2.0-12.i386.rpm
- Caldera eServer 2.3: nis-server-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/RPMS/nis-server-2.0-12.i386.rpm
- Caldera OpenLinux 2.3: nis-client-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/RPMS/nis-client-2.0-12.i386.rpm
- Caldera OpenLinux 2.3: nis-server-2.0-12
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/RPMS/nis-server-2.0-12.i386.rpm
- Debian 2.1 i386 nis_3.5-2.1_i386.deb
  http://security.debian.org/dists/slink/updates/binary-i386/nis_3.5-2.1_i386.deb
- Debian 2.1 m68k nis_3.5-2.1_m68k.deb
  http://security.debian.org/dists/slink/updates/binary-m68k/nis_3.5-2.1_m68k.deb
- Debian 2.2 (ppc): nis_3.8-0.1
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/nis_3.8-0.1_powerpc.deb
- Debian 2.2 (sparc): nis_3.8-0.1
  http://security.debian.org/dists/stable/updates/main/binary-sparc/nis_3.8-0.1_sparc.deb
- Debian 2.2 alpha nis_3.8-0.1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/nis_3.8-0.1_alpha.deb
- Debian 2.2 arm nis_3.8-0.1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/nis_3.8-0.1_arm.deb
- Debian 2.2 i386 nis_3.8-0.1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/nis_3.8-0.1_i386.de
- Red Hat Inc. 5.2 alpha ypbind-3.3-10.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/ypbind-3.3-10.alpha.rpm
- Red Hat Inc. 5.2 sparc ypbind-3.3-10.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/ypbind-3.3-10.sparc.rpm
- Red Hat Inc. 5.x i386 ypbind-3.3-10.i386.rpm
  ftp://updates.redhat.com/5.2/i386/ypbind-3.3-10.i386.rpm
- Red Hat Inc. 6.2 alpha ypbind-1.7-0.6.x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/ypbind-1.7-0.6.x.alpha.rpm
- Red Hat Inc. 6.2 i386 ypbind-1.7-0.6.x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/ypbind-1.7-0.6.x.i386.rpm
- Red Hat Inc. 6.2 sparc ypbind-1.7-0.6.x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/ypbind-1.7-0.6.x.sparc.rpm
- Wirex ypbind-1.7-0.6.x_StackGuard.i386
  http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/ypbind-1.7-0.6.x_StackGuard.i386.rpm