
Security: Memory leak in ypserv
Name: Memory leak in ypserv
ID: CSSA-2002-054.0
Distribution: Caldera
Platforms: Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1
Date: Thu, 5 December 2002, 12:00
References: Not specified
Applications: ypserv

Original message

To: bugtraq@securityfocus.com announce@lists.caldera.com
security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com

______________________________________________________________________________

SCO Security Advisory

Subject: Linux: exploitable memory leak in ypserv
Advisory number: CSSA-2002-054.0
Issue date: 2002 December 04
Cross reference:
______________________________________________________________________________


1. Problem Description

Requesting a map that doesn't exist will cause a memory leak in
the server.


2. Vulnerable Supported Versions

System                         Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server         prior to nis-client-2.0-23.i386.rpm
                               prior to nis-server-2.0-23.i386.rpm

OpenLinux 3.1.1 Workstation    prior to nis-client-2.0-23.i386.rpm

OpenLinux 3.1 Server           prior to nis-client-2.0-23.i386.rpm
                               prior to nis-server-2.0-23.i386.rpm

OpenLinux 3.1 Workstation      prior to nis-client-2.0-23.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-054.0/RPMS

4.2 Packages

f416f2e39a29d419832f3b18c04491a2 nis-client-2.0-23.i386.rpm
b86300ae67587b447262d31f123bc12e nis-server-2.0-23.i386.rpm

4.3 Installation

rpm -Fvh nis-client-2.0-23.i386.rpm
rpm -Fvh nis-server-2.0-23.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-054.0/SRPMS

4.5 Source Packages

477ddd735eaedab628ddacd7c71576fe nis-2.0-23.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-054.0/RPMS

5.2 Packages

09070643b7c116d8df429cdcd66ef798 nis-client-2.0-23.i386.rpm

5.3 Installation

rpm -Fvh nis-client-2.0-23.i386.rpm

5.4 Source Package Location

SRPMS

5.5 Source Packages

ec0fd36c02cde15d529b7dd8b2ec9592 nis-2.0-23.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-054.0/RPMS

6.2 Packages

6d94363827067eae7b1401d9e560317a nis-client-2.0-23.i386.rpm
0873bfed5da6fff398d491477ced4fe1 nis-server-2.0-23.i386.rpm

6.3 Installation

rpm -Fvh nis-client-2.0-23.i386.rpm
rpm -Fvh nis-server-2.0-23.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-054.0/SRPMS

6.5 Source Packages

73957cff9e49efc38d0a7b4e5bfb9c37 nis-2.0-23.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-054.0/RPMS

7.2 Packages

de89d9852c09c79199dd4a82c4c27481 nis-client-2.0-23.i386.rpm

7.3 Installation

rpm -Fvh nis-client-2.0-23.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-054.0/SRPMS

7.5 Source Packages

5bc2cf815670d44e117394e1a98cf28a nis-2.0-23.src.rpm


8. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr870793, fz526450,
erg712149.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

Thorsten Kukuk discovered and researched this vulnerability.

______________________________________________________________________________
