VULHUB ™

ypserv releases previous to 1.3.9 contain two different vulnerabilties: Any NIS domain administrator can inject password tables, and users can modify the GECOS field and login shell values for other users. Also, rpc.yppasswd prior 1.3.6.92 has a standard buffer overflow problem in the md5 hash generation code.

ypserv releases previous to 1.3.9 contain two different vulnerabilties: Any NIS domain administrator can inject password tables, and users can modify the GECOS field and login shell values for other users. Also, rpc.yppasswd prior 1.3.6.92 has a standard buffer overflow problem in the md5 hash generation code.