VULHUB ™

Several vulnerabilities exist: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and login shell values of other users. Affected are all linux distributions using the ypserv package. Website for patches here.

Several vulnerabilities exist: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and login shell values of other users. Affected are all linux distributions using the ypserv package. Website for patches here.