Mandrake Linux Security Advisory : ypserv (MDKSA-2000:064)
Critical Nessus Plugin ID 61851
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA format string parsing bug exists in ypbind 3.3 if it is run in debug mode which leaks file descriptors under certain circumstances which can lead to a DoS. In addition, ypbind may suffer from buffer overflows. In the ypserv program, a buffer overflow and format bug exist if the build system does not have vsyslog() or if configure fails to detect it. Both vulnerabilities were discovered by Olaf Kirch <[email protected]>.
SolutionUpdate the affected ypbind and / or ypserv packages.