Mandrake Linux Security Advisory : ypserv (MDKSA-2000:064)
Critical Nessus Plugin ID 61851
The remote Mandrake Linux host is missing one or more security updates.
A format string parsing bug exists in ypbind 3.3 if it is run in debug mode which leaks file descriptors under certain circumstances which can lead to a DoS. In addition, ypbind may suffer from buffer overflows. In the ypserv program, a buffer overflow and format bug exist if the build system does not have vsyslog() or if configure fails to detect it. Both vulnerabilities were discovered by Olaf Kirch <[email protected]>.
Update the affected ypbind and / or ypserv packages.