Bug 2545
Summary: | /usr/lib/yp/yphelper broken | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | mcornick |
Component: | ypserv | Assignee: | Jay Turner <jturner> |
Status: | CLOSED NEXTRELEASE | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 6.0 | CC: | moore, srevivo |
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | | Doc Type: | Bug Fix |
Last Closed: | 1999-06-13 02:07:04 UTC | Type: | --- |
Description
mcornick
1999-05-04 17:34:12 UTC
This bug has SEVERE security problems. If you export a password entry containing 'x' as the password then on all computers using this ypserver that user can log in without any password at all!

I've fixed this bug by recompiling the yphelper source file in the ypserv RPM. I've placed the fixed source code file and compiled executable onto the local anon ftp server at:

ftp://ettin.pa.msu.edu:/pub/ypserv-bug-fix

I don't know exactly how you need to package it for an "official" RPM update so if RedHat can either let me know or just make it themselves from the source code. The fix is just adding a test for 'x' as a password entry.

Hope this helps,
Roger

This is fixed in ypserv-1.3.6.92 (RPM currently in rawhide.)

This appears to be fixed in ypserv-1.3.6.92. Please reopen if I'm wrong.
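
The report describes the fix as a test for 'x' in the password field. The sketch below is an added illustration, not the yphelper patch or any ypserv code: it checks passwd(5)-format lines before they are placed in a NIS map and refuses the 'x' placeholder, and it goes beyond the report by also refusing empty password fields and malformed lines. The function names, the choice to refuse rather than substitute, and the sample entries are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>
/* Verdict for one passwd(5)-format line destined for a NIS map. */
enum pw_verdict { PW_OK, PW_PLACEHOLDER, PW_EMPTY, PW_MALFORMED };

/* Constructed sample entries, not taken from the bug report. */
static const char *const sample[] = {
    "alice:ab01CdEfGhIjk:500:500:Alice:/home/alice:/bin/sh",
    "bob:x:501:501:Bob:/home/bob:/bin/sh",
    "carol::502:502:Carol:/home/carol:/bin/sh",
    "broken-line-without-fields",
};

/* Classify the password (second) field without modifying the line. */
enum pw_verdict check_passwd_line(const char *line)
{
    const char *p, *pw, *end;
    int colons = 0;
    /* passwd(5) has seven fields, so exactly six colons. */
    for (p = line; *p && *p != '\n'; p++)
        if (*p == ':')
            colons++;
    if (colons != 6 || line[0] == ':')
        return PW_MALFORMED;
    pw = strchr(line, ':') + 1;      /* start of password field */
    end = strchr(pw, ':');           /* end of password field */
    if (end == pw)
        return PW_EMPTY;             /* empty field: no password set */
    if (end - pw == 1 && *pw == 'x')
        return PW_PLACEHOLDER;       /* the case named in the report */
    return PW_OK;
}

/* Return how many entries must not be exported; log each to stderr. */
int audit_map(const char *const *lines, size_t n)
{
    static const char *const why[] = { "ok", "'x'", "empty", "malformed" };
    int bad = 0;
    for (size_t i = 0; i < n; i++) {
        enum pw_verdict v = check_passwd_line(lines[i]);
        if (v != PW_OK) {
            fprintf(stderr, "entry %zu refused: %s\n", i + 1, why[v]);
            bad++;
        }
    }
    return bad;
}

int main(void) { return audit_map(sample, 4) == 3 ? 0 : 1; }
```

Only the entry number and reason are logged, so no password hash from the map ends up in the audit output.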