aru
Posted June 27, 2003

MandrakeSoft Security Advisory MDKSA-2003:072 : ypserv
June 27th, 2003

Updated ypserv packages fix DoS vulnerability

A vulnerability was found in versions of ypserv prior to version 2.7. If a malicious client were to query ypserv via TCP and subsequently ignore the server's response, ypserv will block attempting to send the reply. The result is that ypserv will fail to respond to other client requests. ypserv 2.7 and above have been altered to fork a child for each client request, which prevents any one request from causing the server to block.

The released versions of Mandrake GNU/Linux affected are:

- 8.2
- 8.2/PPC
- 9.0
- Corporate Server 2.1

Full information about this advisory, including the updated packages, is available at:
www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:072

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0251
http://www.linux-nis.org/nis/ypserv/ChangeLog

Posted automatically by aru (mdksec2mub v0.0.6)
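The blocking behaviour and the fork-per-request change described in the advisory, as an added illustration (not part of the original post and not ypserv code). A local socketpair stands in for a TCP client that never reads its reply; the function names and REPLY_LEN are assumptions made for the demo.

```c
/* Added illustration, not ypserv source: a socketpair stands in for a TCP client. */
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#define REPLY_LEN (16u * 1024 * 1024) /* constructed; assumed larger than the socket buffer */

/* Write len bytes to fd. Returns 1 when fully sent, 0 on error (including EAGAIN). */
static int send_reply(int fd, size_t len) {
    char chunk[4096] = {0};
    while (len > 0) {
        ssize_t n = write(fd, chunk, len < sizeof chunk ? len : sizeof chunk);
        if (n < 0) return 0;
        len -= (size_t)n;
    }
    return 1;
}

/* Single-process model. O_NONBLOCK only lets the demo report the stall, not hang. */
int inline_reply_stalls(void) {
    int sp[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    fcntl(sp[0], F_SETFL, fcntl(sp[0], F_GETFL) | O_NONBLOCK);
    int sent = send_reply(sp[0], REPLY_LEN); /* peer sp[1] never reads */
    close(sp[0]); close(sp[1]);
    return !sent; /* 1: a blocking write() would have stopped the whole server */
}

/* Fork-per-request model: the child blocks on the slow client, the parent serves on. */
int forked_reply_keeps_serving(void) {
    int slow[2], next[2]; char buf[5];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, slow) < 0 ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, next) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { send_reply(slow[0], REPLY_LEN); _exit(0); } /* blocks in write() */
    int ok = send_reply(next[0], 5) && read(next[1], buf, 5) == 5;
    ok = ok && waitpid(pid, NULL, WNOHANG) == 0; /* child is still stuck */
    kill(pid, SIGKILL); waitpid(pid, NULL, 0);   /* demo cleanup */
    close(slow[0]); close(slow[1]); close(next[0]); close(next[1]);
    return ok;
}

int main(void) {
    printf("inline stalls: %d\n", inline_reply_stalls());
    printf("forked keeps serving: %d\n", forked_reply_keeps_serving());
    return 0;
}
```

The demo ends the stuck child with SIGKILL; a forking server handling real clients still has to time out and reap children that stay blocked this way.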