FreeBSD ypserv securenets Access Control Failure

2006-05-31T00:00:00
ID OSVDB:25852
Type osvdb
Reporter Hokan()
Modified 2006-05-31T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may allow "securenets" access restrictions to be inadvertently disabled. The issue is triggered by a change in the build process that caused ypserv to fail to load or process the networks and hosts specified in the /var/yp/securenets file. It is possible that the flaw may allow access to NIS maps, resulting in a loss of integrity.

Solution Description

Upgrade to 5-STABLE or 6-STABLE, or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, or RELENG_5_3 security branch dated after the correction date, as this has been reported to fix the vulnerability. In addition, FreeBSD has released a patch for some older versions. It is also possible to work around the flaw by using /etc/hosts.allow for access control or by configuring a firewall to restrict access.

References:

Vendor URL: http://www.freebsd.org
Vendor Specific Solution URL: http://security.FreeBSD.org/patches/SA-06:15/ypserv.patch.asc
Vendor Specific Solution URL: http://security.FreeBSD.org/patches/SA-06:15/ypserv.patch
Secunia Advisory ID: 20389
Packet Storm: http://packetstormsecurity.org/advisories/freebsd/FreeBSD-SA-06-15.ypserv.txt
Other Advisory URL: http://security.freebsd.org/advisories/FreeBSD-SA-06:15.ypserv.asc
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0702.html
CVE-2006-2655