Debian Security Advisory
nis -- various security problems in nis
- Date Reported:
- 27 Oct 1999
- Affected Packages:
-
nis
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-1999-0900, CVE-1999-0901, CVE-1999-0902.
- More information:
- The nis package that was distributed with Debian GNU/Linux
2.1 has a couple of problems:
- ypserv allowed any machine in the NIS domain to insert new tables
- rpc.yppasswd had a bufferoverflow in its MD5 code
- rpc.yppasswd allowed users to change the GECOS and loginshell entries of other users
This has been fixed in version 3.5-2. We recommend you upgrade your nis
package immediately.
- Fixed in:
-
- Source:
- http://security.debian.org/dists/stable/updates/source/nis_3.5-2.diff.gz
- http://security.debian.org/dists/stable/updates/source/nis_3.5-2.dsc
- http://security.debian.org/dists/stable/updates/source/nis_3.5.orig.tar.gz
- Alpha:
- http://security.debian.org/dists/stable/updates/binary-alpha/nis_3.5-2_alpha.deb
- i386:
- http://security.debian.org/dists/stable/updates/binary-i386/nis_3.5-2_i386.deb
- m68k:
- http://security.debian.org/dists/stable/updates/binary-m68k/nis_3.5-2_m68k.deb
- sparc:
- http://security.debian.org/dists/stable/updates/binary-sparc/nis_3.5-2_sparc.deb
