ypbind for Red Hat Linux 5.x, 6.x has a local root exploit

Advisory:	RHSA-2000:086-05
Type:	Security Advisory
Severity:	N/A
Issued on:	2000-11-08
Last updated on:	2000-11-08
Affected Products:	Red Hat Linux 6.2
OVAL:	N/A
CVEs (cve.mitre.org):	CVE-2000-1040

Details

ypbind as shipped in Red Hat Linux 5.x and 6.x is vulnerable to a local
root exploit. All systems making use of NIS services are encouraged to
upgrade.

Systems using Network Information Service, or NIS, use a daemon called
ypbind to request information from a NIS server. This information is then
used by the local machine. The logging code in ypbind is vulnerable to a
printf string format attack which an attacker could exploit by passing
ypbind a carefully crafted request. This attack can successfully lead to
local root access.

This problem has been corrected with these new packages.

Solution

If you do not use NIS, you should remove ypbind:

rpm -e ypbind

Otherwise, for each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

You should then make sure that the new ypbind is running by issuing:

/etc/rc.d/init.d/ypbind restart

Updated packages

Red Hat Linux 6.2

alpha:
ftp://updates.redhat.com/6.2/alpha/ypbind-1.7-0.6.x.alpha.rpm Missing file	`3a426e3060d31aa37b2a41d973ac3f63`

i386:
ftp://updates.redhat.com/6.2/i386/ypbind-1.7-0.6.x.i386.rpm Missing file	`411017238af9a0a8891bd3078547336c`

sparc:
ftp://updates.redhat.com/6.2/sparc/ypbind-1.7-0.6.x.sparc.rpm Missing file	`3beff51d6a0292fd9d50fe24d07097ac`

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1040
N/A

Keywords

syslog

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/