Scientific Linux Security Update : ypbind on SL3.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

This updated package fixes the following bugs :

- after a NIS server change, for example, after a server
failure, ypbind corrupted files in the
'/var/yp/binding/' directory. As well, these files were
not updated, possibly causing old information to be
retained. In these situations, glibc attempted to read
the incorrect information, resulting in errors such as
'RPC: Unable to receive
errno = Connection refused'.

- by default, NIS clients pinged NIS servers every 20
seconds. In large deployments, this added extra load,
and could possibly cause a denial of service. In this
updated package, a new 'ypbind' option,
'-ping-interval', has been added, which allows
administrators to configure the ping interval value.

See also :

http://www.nessus.org/u?86f35f6b

Solution :

Update the affected ypbind package.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60411 ()

Bugtraq ID:

CVE ID: