From security@caldera.com Wed Dec 4 14:35:57 2002 From: security@caldera.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com, full-disclosure@lists.netsys.com Date: Wed, 4 Dec 2002 11:06:20 -0800 Reply-To: please_reply_to_security@caldera.com Subject: [Full-Disclosure] Security Update: [CSSA-2002-054.0] Linux: exploitable memory leak in ypserv To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com ______________________________________________________________________________ SCO Security Advisory Subject: Linux: exploitable memory leak in ypserv Advisory number: CSSA-2002-054.0 Issue date: 2002 December 04 Cross reference: ______________________________________________________________________________ 1. Problem Description Requesting a map that doesn't exist will cause a memory leak in the server. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to nis-client-2.0-23.i386.rpm prior to nis-server-2.0-23.i386.rpm OpenLinux 3.1.1 Workstation prior to nis-client-2.0-23.i386.rpm OpenLinux 3.1 Server prior to nis-client-2.0-23.i386.rpm prior to nis-server-2.0-23.i386.rpm OpenLinux 3.1 Workstation prior to nis-client-2.0-23.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-054.0/RPMS 4.2 Packages f416f2e39a29d419832f3b18c04491a2 nis-client-2.0-23.i386.rpm b86300ae67587b447262d31f123bc12e nis-server-2.0-23.i386.rpm 4.3 Installation rpm -Fvh nis-client-2.0-23.i386.rpm rpm -Fvh nis-server-2.0-23.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-054.0/SRPMS 4.5 Source Packages 477ddd735eaedab628ddacd7c71576fe nis-2.0-23.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-054.0/RPMS 5.2 Packages 09070643b7c116d8df429cdcd66ef798 nis-client-2.0-23.i386.rpm 5.3 Installation rpm -Fvh nis-client-2.0-23.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-054.0/SRPMS 5.5 Source Packages ec0fd36c02cde15d529b7dd8b2ec9592 nis-2.0-23.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-054.0/RPMS 6.2 Packages 6d94363827067eae7b1401d9e560317a nis-client-2.0-23.i386.rpm 0873bfed5da6fff398d491477ced4fe1 nis-server-2.0-23.i386.rpm 6.3 Installation rpm -Fvh nis-client-2.0-23.i386.rpm rpm -Fvh nis-server-2.0-23.i386.rpm 6.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-054.0/SRPMS 6.5 Source Packages 73957cff9e49efc38d0a7b4e5bfb9c37 nis-2.0-23.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-054.0/RPMS 7.2 Packages de89d9852c09c79199dd4a82c4c27481 nis-client-2.0-23.i386.rpm 7.3 Installation rpm -Fvh nis-client-2.0-23.i386.rpm 7.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-054.0/SRPMS 7.5 Source Packages 5bc2cf815670d44e117394e1a98cf28a nis-2.0-23.src.rpm 8. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr870793, fz526450, erg712149. 9. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 10. Acknowledgements Thorsten Kukuck discovered and researched this vulnerability. ______________________________________________________________________________ [ Part 2, Application/PGP-SIGNATURE 245bytes. ] [ Unable to print this part. ]