Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » [CSSA-2002-054.0] Linux: exploitable memory leak in ypserv

[CSSA-2002-054.0] Linux: exploitable memory leak in ypserv

by Nikola Strahija on December 4th, 2002 Requesting a map that doesn't xxist will cause a memory leak in the server.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to nis-client-2.0-23.i386.rpm
prior to nis-server-2.0-23.i386.rpm

OpenLinux 3.1.1 Workstation prior to nis-client-2.0-23.i386.rpm

OpenLinux 3.1 Server prior to nis-client-2.0-23.i386.rpm
prior to nis-server-2.0-23.i386.rpm

OpenLinux 3.1 Workstation prior to nis-client-2.0-23.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-054.0/RPMS

4.2 Packages

f416f2e39a29d419832f3b18c04491a2 nis-client-2.0-23.i386.rpm
b86300ae67587b447262d31f123bc12e nis-server-2.0-23.i386.rpm

4.3 Installation

rpm -Fvh nis-client-2.0-23.i386.rpm
rpm -Fvh nis-server-2.0-23.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-054.0/SRPMS

4.5 Source Packages

477ddd735eaedab628ddacd7c71576fe nis-2.0-23.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-054.0/RPMS

5.2 Packages

09070643b7c116d8df429cdcd66ef798 nis-client-2.0-23.i386.rpm

5.3 Installation

rpm -Fvh nis-client-2.0-23.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-054.0/SRPMS

5.5 Source Packages

ec0fd36c02cde15d529b7dd8b2ec9592 nis-2.0-23.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-054.0/RPMS

6.2 Packages

6d94363827067eae7b1401d9e560317a nis-client-2.0-23.i386.rpm
0873bfed5da6fff398d491477ced4fe1 nis-server-2.0-23.i386.rpm

6.3 Installation

rpm -Fvh nis-client-2.0-23.i386.rpm
rpm -Fvh nis-server-2.0-23.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-054.0/SRPMS

6.5 Source Packages

73957cff9e49efc38d0a7b4e5bfb9c37 nis-2.0-23.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-054.0/RPMS

7.2 Packages

de89d9852c09c79199dd4a82c4c27481 nis-client-2.0-23.i386.rpm

7.3 Installation

rpm -Fvh nis-client-2.0-23.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-054.0/SRPMS

7.5 Source Packages

5bc2cf815670d44e117394e1a98cf28a nis-2.0-23.src.rpm


8. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr870793, fz526450,
erg712149.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

Thorsten Kukuck discovered and researched this vulnerability.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »