Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Dan Stromberg (strombrgnis.acs.uci.edu)
Date: Tue May 29 2001 - 13:24:12 CDT
On Tue, May 29, 2001 at 06:38:15AM -0000, bugtraq-ownersecurityfocus.com wrote:
Kukuk's rpc.yppasswdd builds without a great deal of wrestling on
Solaris 2.6. There was one undef function, probably svc_getcaller,
but it's only used in a log message, so it's easy to just eliminate.
This could conceivably be a more complete temporary solution than
setting up noexec_user_stack (though both might be best).
It sure would be nice if Sun would at least acknowledge the problem.
On Mon, May 28, 2001 at 02:14:23PM -0400, Jose Nazario wrote:
> The best solution is to firewall your boxe(s) that are running NIS from
> the internet. However this will not stop the insider attack.
> Sun has not release an official patch for this yet. A workaround 1) would
> be to turn off yppasswdd. This is around line 133 or so in
> /usr/lib/netsvc/yp/ypstart. Just comment it out. The hack doesn't appear
> to work if yppassword is disabled with NIS still running. Please note in
> doing this, yppassword is not running and users cannot change their
> Another work around 2) is if you still need to run yppassword is to do
> the following:
> set noexec_user_stack = 1
> set noexec_user_stack_log = 1
> in /etc/system (after a reboot of course)
> Of course a different exploit could work around that but hopefully this
> will permit people to use yppasswd until a patch is forthcoming. This step
> has not been tested yet.
-- Dan Stromberg UCI/NACS/DCS
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQE7E+lLo0feVm00f/8RAgfHAJ9f2tGDwWNmlMVrQvw5Y21OLjwkhwCgiNIB Czl03CPy51pTMDBno+9lH8U= =5N3R -----END PGP SIGNATURE-----