(RHSA-2003:201) ypserv security update

ID RHSA-2003:201
Type redhat
Reporter RedHat
Modified 2018-03-14T19:27:49


The ypserv package contains the Network Information Service (NIS) server.

A vulnerability has been discovered in the ypserv NIS server prior to version 2.7. If a malicious client queries ypserv via TCP and subsequently ignores the server's response, ypserv will block attempting to send the reply. This results in ypserv failing to respond to other client requests.

Versions 2.7 and above of ypserv have been altered to fork a child for each client request, thus preventing any one request from causing the server to block.

Red Hat recommends that users of NIS upgrade to these packages, which contain version 2.8.0 of ypserv and are therefore not vulnerable to this issue.