From owner-freebsd-security Sun Oct 31 10:12:58 1999
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
    by hub.freebsd.org (Postfix) with ESMTP id 8C7B414BDE
    for ; Sun, 31 Oct 1999 10:12:52 -0800 (PST)
    (envelope-from cy@cschuber.net.gov.bc.ca)
Received: (from daemon@localhost)
    by point.osg.gov.bc.ca (8.8.7/8.8.8) id KAA17280
    for ; Sun, 31 Oct 1999 10:12:51 -0800
Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com"
    via SMTP by point.osg.gov.bc.ca, id smtpda17278; Sun Oct 31 10:11:59 1999
Received: (from uucp@localhost)
    by cwsys.cwsent.com (8.9.3/8.9.1) id KAA11168
    for ; Sun, 31 Oct 1999 10:11:01 -0800 (PST)
Message-Id: <199910311811.KAA11168@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
    via SMTP by localhost.cwsent.com, id smtpde11081; Sun Oct 31 10:10:35 1999
X-Mailer: exmh version 2.1.0 09/18/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 3.3-RELEASE
X-Sender: cy
To: freebsd-security@freebsd.org
Subject: [linux-security] Unidentified subject! (fwd)
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 31 Oct 1999 10:10:33 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Is not our YP server based on the same code as described below?

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"

------- Forwarded Message

Return-Path: Cy.Schubert@uumail.gov.bc.ca
Received: (from uucp@localhost)
    by passer.osg.gov.bc.ca (8.9.3/8.9.1) id AAA31171
    for ; Thu, 28 Oct 1999 00:50:03 -0700 (PDT)
Resent-Message-Id: <199910280750.AAA31171@passer.osg.gov.bc.ca>
Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be "passer.osg.gov.bc.ca"
    via SMTP by localhost.osg.gov.bc.ca, id smtpdq31158; Thu Oct 28 00:49:04 1999
Received: (from uucp@localhost)
    by passer.osg.gov.bc.ca (8.9.3/8.9.1) id AAA31150
    for ; Thu, 28 Oct 1999 00:49:03 -0700 (PDT)
Received: from point.osg.gov.bc.ca(142.32.102.44)
    via SMTP by passer.osg.gov.bc.ca, id smtpdw31148; Thu Oct 28 00:48:23 1999
Received: (from daemon@localhost)
    by point.osg.gov.bc.ca (8.8.7/8.8.8) id AAA06656
    for ; Thu, 28 Oct 1999 00:48:23 -0700
Received: from lists.redhat.com(199.183.24.247)
    via SMTP by point.osg.gov.bc.ca, id smtpda06654; Thu Oct 28 00:48:20 1999
Received: (qmail 10047 invoked by uid 501); 28 Oct 1999 07:48:08 -0000
Prev-Resent-Date: 28 Oct 1999 07:48:08 -0000
Prev-Resent-Cc: recipient list not shown: ;
MBOX-Line: From linux-security-request@redhat.com Thu Oct 28 03:48:08 1999
Date: Wed, 27 Oct 1999 22:05:30 -0400
From: Bill Nottingham
To: redhat-watch-list@redhat.com
Cc: linux-security@redhat.com, bugtraq@securityfocus.com
Message-ID: <19991027220530.A1783@xenomorph.redhat.com>
Mail-Followup-To: redhat-watch-list@redhat.com, linux-security@redhat.com, bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0us
Prev-Resent-Message-ID: <"JSreC3.0.iS2.u-_5u"@lists.redhat.com>
Prev-Resent-From: linux-security@redhat.com
Prev-Resent-Reply-To: linux-security@redhat.com
X-Mailing-List: archive/latest/19
X-Loop: linux-security@redhat.com
Precedence: list
Prev-Resent-Sender: linux-security-request@redhat.com
Subject: [linux-security] Unidentified subject!
Resent-To: cy
Resent-Date: Thu, 28 Oct 1999 00:49:04 -0700
Resent-From: Cy Schubert
X-UIDL: aaf8b6b0aa4320a936d418ec30861f97
Status: U

- ---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:           security problems with ypserv
Advisory ID:        RHSA-1999:046-01
Issue date:         1999-10-27
Updated on:         1999-10-27
Keywords:
Cross references:   ypserv yppasswdd rpc.yppasswdd
- ---------------------------------------------------------------------

1. Topic:

The ypserv package, which contains the ypserv NIS server and the yppasswdd password-change server, has been discovered to have security holes.

2. Problem description:

With ypserv, local administrators in the NIS domain could possibly inject password tables.

In rpc.yppasswdd, users could change GECOS and login shells of other users, and there is a buffer overflow in the md5 hash generation.

It is recommended that all users of the ypserv package upgrade to the new packages.

3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):

4. Relevant releases/architectures:

Red Hat Linux 4.x, all architectures
Red Hat Linux 5.x, all architectures
Red Hat Linux 6.x, all architectures

5. Obsoleted by:

6. Conflicts with:

7. RPMs required:

Red Hat Linux 4.x:

Intel:
  ftp://updates.redhat.com/4.2/i386/ypserv-1.3.9-0.4.2.i386.rpm

Alpha:
  ftp://updates.redhat.com/4.2/alpha/ypserv-1.3.9-0.4.2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/4.2/sparc/ypserv-1.3.9-0.4.2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/4.2/SRPMS/ypserv-1.3.9-0.4.2.src.rpm

Red Hat Linux 5.x:

Intel:
  ftp://updates.redhat.com/5.2/i386/ypserv-1.3.9-0.5.2.i386.rpm

Alpha:
  ftp://updates.redhat.com/5.2/alpha/ypserv-1.3.9-0.5.2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/5.2/sparc/ypserv-1.3.9-0.5.2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/5.2/SRPMS/ypserv-1.3.9-0.5.2.src.rpm

Red Hat Linux 6.x:

Intel:
  ftp://updates.redhat.com/6.1/i386/ypserv-1.3.9-1.i386.rpm

Alpha:
  ftp://updates.redhat.com/6.0/alpha/ypserv-1.3.9-1.alpha.rpm

Sparc:
  ftp://updates.redhat.com/6.0/sparc/ypserv-1.3.9-1.sparc.rpm

Source packages:
  ftp://updates.redhat.com/6.1/SRPMS/ypserv-1.3.9-1.src.rpm

8. Solution:

For each RPM for your particular architecture, run:

    rpm -Uvh 'filename'

where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
d384966683e0c59b7c63d2d0fcba79ce  ypserv-1.3.9-0.4.2.i386.rpm
e8e860c754e894b955c2ec3e73bcad8d  ypserv-1.3.9-0.4.2.alpha.rpm
19cfbc0bf8ef5ed272243d74020b69df  ypserv-1.3.9-0.4.2.sparc.rpm
df131f369bfb64d1b093447168484e38  ypserv-1.3.9-0.4.2.src.rpm
51a38316e72f25b6751ade459728f049  ypserv-1.3.9-0.5.2.i386.rpm
65da86b0b61ae70b82a5b3fe17b77803  ypserv-1.3.9-0.5.2.alpha.rpm
2956fc958456d5a91d697043932266bd  ypserv-1.3.9-0.5.2.sparc.rpm
dda2d28bb89cddb9ecb4409778a548f9  ypserv-1.3.9-0.5.2.src.rpm
c1a566b7535bb51e25d9c1743f822682  ypserv-1.3.9-1.i386.rpm
a8f5a82d450ddb2b42068537859c18ae  ypserv-1.3.9-1.alpha.rpm
6759503c9cc688bcd1902f6511ecc60a  ypserv-1.3.9-1.sparc.rpm
f7e8b5a241c4e873822c83be2f0cf566  ypserv-1.3.9-1.src.rpm

These packages are GPG signed by Red Hat, Inc. for security.
Our key is available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg

10. References:

<19991024163423.6665A67B0@Galois.suse.de>

- --
- ----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
- ----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null

------- End of Forwarded Message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
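
The comparison in section 9 of the forwarded advisory, as an added shell example that is not part of the original mail or of Red Hat's tooling: it reads a table in the advisory's "MD5 sum / Package Name" layout and checks the packages found in a directory. The function name `verify_advisory_md5` and its two arguments are assumptions, and `md5sum` from coreutils is required.

```shell
#!/bin/sh
# verify_advisory_md5 TABLE DIR   (hypothetical helper, added for illustration)
#   TABLE: text copied from the advisory's "MD5 sum / Package Name" section
#   DIR:   directory holding the downloaded .rpm files
# Prints one status line per listed package. Returns 0 only if at least one
# package was checked and none of the checked packages mismatched.
verify_advisory_md5() {
    table=$1 dir=$2
    checked=0 bad=0
    while read -r sum name rest; do
        # Keep only rows shaped like "<32 hex digits> <file>.rpm"; this skips
        # the column header, the dash rule and any surrounding prose.
        case $sum in
            *[!0-9a-fA-F]*|'') continue ;;
        esac
        [ "${#sum}" -eq 32 ] || continue
        [ -z "$rest" ] || continue
        case $name in
            ''|*/*|.*) continue ;;   # never follow a path taken from the mail
            *.rpm) ;;
            *) continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP      $name (not downloaded)"
            continue
        fi
        actual=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$(printf '%s' "$sum" | tr 'A-F' 'a-f')" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"
            bad=$((bad + 1))
        fi
    done < "$table"
    # Fail on any mismatch, and also when no listed package was present at all.
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Command-line use: sh verify.sh advisory-table.txt /path/to/rpms
if [ "$#" -eq 2 ]; then
    verify_advisory_md5 "$1" "$2"
fi
```

Packages for other architectures that were not downloaded are reported as SKIP and do not fail the run. A matching digest only shows that the file equals what the table lists; `rpm --checksig` is the check that ties the package to Red Hat's GPG key.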