Bug 15198 - ypbind binds to unlisted server
Summary: ypbind binds to unlisted server
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ypbind
Version: 6.2
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Florian La Roche
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-08-03 01:05 UTC by Ian Mortimer
Modified: 2008-05-01 15:37 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2000-08-03 01:05:57 UTC


Attachments (Terms of Use)

Description Ian Mortimer 2000-08-03 01:05:55 UTC
RedHat 6.2: ypbind will bind to a server not listed in /etc/yp.conf
and not listed in /etc/hosts.   This creates a security hole whereby
someone on the same network could set up a NIS server and 
wait for a machine to bind to it.  

Ian

Comment 1 Florian La Roche 2000-08-07 14:10:34 UTC
the current package in the rawhide release doesn't use broadcasts per default,
so this should
be fixed now.

Florian La Roche



Note You need to log in before you can comment on or make changes to this bug.