Detections
Analytics

Mandrake Linux Security Advisory : ypserv (MDKSA-2003:072)

medium Nessus Plugin ID 14055

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

A vulnerability was found in versions of ypserv prior to version 2.7.
If a malicious client were to query ypserv via TCP and subsequently ignore the server's response, ypserv will block attempting to send the reply. The result is that ypserv will fail to respond to other client requests. ypserv 2.7 and above have been altered to fork a child for each client request, which prevents any one request from causing the server to block.

Solution

Update the affected ypserv package.

See Also

http://www.linux-nis.org/nis/ypserv/ChangeLog

Plugin Details

Severity: Medium

ID: 14055

File Name: mandrake_MDKSA-2003-072.nasl

Version: 1.17

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ypserv, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 6/27/2003

Reference Information

CVE: CVE-2003-0251

MDKSA: 2003:072