NetBSD NIS Hostname Lookup Remote Overflow

2000-08-04T00:00:00
ID OSVDB:20777
Type osvdb
Reporter Jun-ichiro itojun Hagino (itojun@openbsd.org)
Modified 2000-08-04T00:00:00

Description

Vulnerability Description

A remote overflow exists in NetBSD. The hostname lookup code of the network information service (NIS) fails to check bounds on incoming match responses (IPv4 addresses) from NIS servers, resulting in a buffer overflow. With a specially crafted request, an attacker can hijack an account or gain elevated privileges, resulting in a loss of integrity.

Technical Description

This vulnerability is only present when the "hosts" line in /etc/nsswitch.conf has "nis" in it.

Solution Description

Upgrade to version 1.4.3 or higher, or to 1.5 or higher, as these releases have been reported to fix this vulnerability. In addition, NetBSD has released a patch for some older versions. As a workaround, turn NIS hostname lookup off by editing /etc/nsswitch.conf and removing "nis" from the "hosts" line.
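The exposure condition from the Technical Description and the workaround above can be checked with a short script. This is an added example, not vendor code; the function names are hypothetical, and it assumes whitespace-separated nsswitch.conf tokens where an optional [criteria] group follows the source it applies to.

```shell
#!/bin/sh
# Added example (not vendor code): audit the "hosts" line of nsswitch.conf.

# hosts_uses_nis FILE: exit 0 if an active "hosts" line lists the "nis" source.
hosts_uses_nis() {
    awk '
        { sub(/#.*/, "") }                      # ignore comments
        /^[ \t]*hosts[ \t]*:/ {
            sub(/^[ \t]*hosts[ \t]*:/, "")
            n = split($0, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) if (tok[i] == "nis") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# strip_nis_from_hosts FILE: print FILE with "nis" (and the [criteria] group
# that follows it) removed from the "hosts" line; other lines are untouched.
strip_nis_from_hosts() {
    awk '
        /^[ \t]*hosts[ \t]*:/ {
            comment = ""
            p = index($0, "#")
            if (p > 0) { comment = " " substr($0, p); $0 = substr($0, 1, p - 1) }
            sub(/^[ \t]*hosts[ \t]*:/, "")
            n = split($0, tok, /[ \t]+/)
            out = "hosts:"; drop = 0            # drop: 1 = nis just removed, 2 = inside its criteria
            for (i = 1; i <= n; i++) {
                t = tok[i]
                if (t == "") continue
                if (drop == 2) { if (t ~ /\]$/) drop = 0; continue }
                if (drop == 1 && t ~ /^\[/) { drop = (t ~ /\]$/) ? 0 : 2; continue }
                drop = 0
                if (t == "nis") { drop = 1; continue }
                out = out " " t
            }
            print out comment
            next
        }
        { print }
    ' "$1"
}

# With a file argument (e.g. /etc/nsswitch.conf), report and show the fix.
if [ -n "${1:-}" ]; then
    if hosts_uses_nis "$1"; then
        echo "$1: hosts line uses nis; proposed replacement:"
        strip_nis_from_hosts "$1" | grep '^hosts:'
    else
        echo "$1: hosts line does not use nis"
    fi
fi
```

The script only prints the proposed line; review it and edit /etc/nsswitch.conf by hand, since other databases such as passwd may still legitimately list nis.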

References:

Vendor URL: http://www.netbsd.org
Vendor Specific Solution URL: ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000808-nis
Vendor Specific Advisory URL