Debian Security Advisory

nis -- local exploit

Date Reported:
14 Oct 2000
Affected Packages:
nis
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2000-1040.
More information:
The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains a ypbind package with a security problem.

ypbind is used to request information from a NIS server, which is then used by the local machine. The logging code in ypbind was vulnerable to a printf format string attack, which can be exploited by passing ypbind a carefully crafted request. This way ypbind can be made to run arbitrary code as root.
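
The bug class described above, shown as an added illustration in C beside its corrected form. This is not ypbind's source code: the function names, the log message and the sample input are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a syslog-style sink; keeps the last line so it can be inspected. */
static char last_log[256];

static void log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the message is built first, then passed as the FORMAT.
 * Any '%' directive carried in `domain` is interpreted by the formatter. */
const char *log_request_unsafe(const char *domain)
{
    char line[128];
    snprintf(line, sizeof line, "bind request for domain %s", domain);
    log_msg(line);
    return last_log;
}

/* Corrected pattern: constant format string, untrusted text only as an argument. */
const char *log_request_safe(const char *domain)
{
    log_msg("bind request for domain %s", domain);
    return last_log;
}

int main(void)
{
    /* Constructed input: "%%" is a directive that consumes no argument,
     * so the difference is visible without undefined behaviour. */
    const char *domain = "lab%%domain";
    printf("unsafe: %s\n", log_request_unsafe(domain));
    printf("safe:   %s\n", log_request_safe(domain));
    return 0;
}
```

The unsafe variant logs a single "%" because the formatter processed the input, while the safe variant logs the input byte for byte. Compiling with gcc's -Wformat-security flags the unsafe call once the wrapper is declared with the printf format attribute.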

This has been fixed in version 3.5-2.1 for Debian GNU/Linux 2.1 and version 3.8-0.1 for Debian GNU/Linux 2.2.

Note: At this moment, slink security updates for alpha and sparc are no longer being made. Support for i386 and m68k will continue until the end of this month.

Fixed in:

Debian GNU/Linux 2.1 (slink)

Source:
http://security.debian.org/dists/slink/updates/source/nis_3.5-2.1.diff.gz
http://security.debian.org/dists/slink/updates/source/nis_3.5-2.1.dsc
http://security.debian.org/dists/slink/updates/source/nis_3.5.orig.tar.gz
Intel IA32:
http://security.debian.org/dists/slink/updates/binary-i386/nis_3.5-2.1_i386.deb
Motorola 680x0:
http://security.debian.org/dists/slink/updates/binary-m68k/nis_3.5-2.1_m68k.deb

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/dists/potato/updates/main/source/nis_3.8-0.1.diff.gz
http://security.debian.org/dists/potato/updates/main/source/nis_3.8-0.1.dsc
http://security.debian.org/dists/potato/updates/main/source/nis_3.8.orig.tar.gz
Alpha:
http://security.debian.org/dists/potato/updates/main/binary-alpha/nis_3.8-0.1_alpha.deb
ARM:
http://security.debian.org/dists/potato/updates/main/binary-arm/nis_3.8-0.1_arm.deb
Intel IA32:
http://security.debian.org/dists/potato/updates/main/binary-i386/nis_3.8-0.1_i386.deb
Motorola 680x0:
http://security.debian.org/dists/potato/updates/main/binary-m68k/nis_3.8-0.1_m68k.deb
PowerPC:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/nis_3.8-0.1_powerpc.deb
Sun SPARC:
http://security.debian.org/dists/potato/updates/main/binary-sparc/nis_3.8-0.1_sparc.deb