Bug 15198

Summary: ypbind binds to unlisted server
Product: [Retired] Red Hat Linux Reporter: Ian Mortimer <i.mortimer>
Component: ypbindAssignee: Florian La Roche <laroche>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: 6.2Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-08-03 01:05:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Ian Mortimer 2000-08-03 01:05:55 UTC
RedHat 6.2: ypbind will bind to a server not listed in /etc/yp.conf
and not listed in /etc/hosts.   This creates a security hole whereby
someone on the same network could set up a NIS server and 
wait for a machine to bind to it.  

Ian

Comment 1 Florian La Roche 2000-08-07 14:10:34 UTC
the current package in the rawhide release doesn't use broadcasts per default,
so this should
be fixed now.

Florian La Roche