Date: Mon, 8 May 2006 19:04:33 GMT From: Hokan <hokan@me.umn.edu> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/96993: /var/yp/securenets does not function in ypbind on 6.0 and 5.3 Message-ID: <200605081904.k48J4XMl036469@www.freebsd.org> Resent-Message-ID: <200605081910.k48JAJob012082@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 96993 >Category: bin >Synopsis: /var/yp/securenets does not function in ypbind on 6.0 and 5.3 >Confidential: no >Severity: critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon May 08 19:10:18 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Hokan >Release: 6.0 and 5.3 >Organization: University of Minnesota >Environment: FreeBSD rapid.enet.umn.edu 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Fri Jan 20 12:01:56 CST 2006 root@rapid.enet.umn.edu:/usr/src/sys/i386/compile/RAPID i386 FreeBSD temp1.enet.umn.edu 5.3-RELEASE FreeBSD 5.3-RELEASE #1: Tue May 24 14:49:50 CDT 2005 root@temp1.enet.umn.edu:/usr/src/sys/i386/compile/TEMP1 i386 >Description: securenets file is ignored by ypserv. It is (properly?) used by rpc.yppasswdd. On these releases anyone on the net can query NIS maps. In a mixed environment, like ours, the passwd map includes passwords. So anyone can look at our encrypted passwords. >How-To-Repeat: Set up a NIS server with a restrictive securenets file. Bind to that server with a client not authorized with securenets. >Fix: Workaround: use hosts.allow >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605081904.k48J4XMl036469>