Debian Security Advisory

nis -- local exploit

Date Reported:

14 Oct 2000

Affected Packages:

nis

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2000-1040.

More information:

The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains a ypbind package with a security problem.

ypbind is used to request information from a nis server which is then used by the local machine. The logging code in ypbind was vulnerable to a printf formatting attack which can be exploited by passing ypbind a carefully crafted request. This way ypbind can be made to run arbitrary code as root.

This has been fixed in version 3.5-2.1 for Debian GNU/Linux 2.1 and version 3.8-0.1 for Debian GNU/Linux 2.2.

Note: At this moment, slink security updates for alpha and sparc are no longer being made. Support for i386 and m68k will continue until the end of this month.

Fixed in:

Debian GNU/Linux 2.1 (slink)

Source:: http://security.debian.org/dists/slink/updates/source/nis_3.5-2.1.diff.gz; http://security.debian.org/dists/slink/updates/source/nis_3.5-2.1.dsc; http://security.debian.org/dists/slink/updates/source/nis_3.5.orig.tar.gz
Intel IA32:: http://security.debian.org/dists/slink/updates/binary-i386/nis_3.5-2.1_i386.deb
Motorola 680x0:: http://security.debian.org/dists/slink/updates/binary-m68k/nis_3.5-2.1_m68k.deb

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/potato/updates/main/source/nis_3.8-0.1.diff.gz; http://security.debian.org/dists/potato/updates/main/source/nis_3.8-0.1.dsc; http://security.debian.org/dists/potato/updates/main/source/nis_3.8.orig.tar.gz
Alpha:: http://security.debian.org/dists/potato/updates/main/binary-alpha/nis_3.8-0.1_alpha.deb
ARM:: http://security.debian.org/dists/potato/updates/main/binary-arm/nis_3.8-0.1_arm.deb
Intel IA32:: http://security.debian.org/dists/potato/updates/main/binary-i386/nis_3.8-0.1_i386.deb
Motorola 680x0:: http://security.debian.org/dists/potato/updates/main/binary-m68k/nis_3.8-0.1_m68k.deb
PowerPC:: http://security.debian.org/dists/potato/updates/main/binary-powerpc/nis_3.8-0.1_powerpc.deb
Sun SPARC:: http://security.debian.org/dists/potato/updates/main/binary-sparc/nis_3.8-0.1_sparc.deb