[504] in linux-security and linux-alert archive
Re: 'ypupdated' hole, system crackers.
daemon@ATHENA.MIT.EDU (Greg Spiegelberg)
Wed Dec 6 18:58:26 1995
From: Greg Spiegelberg <greg@owens.ridgecrest.ca.us>
To: juphoff@tarsier.cv.nrao.edu (Jeff Uphoff)
Date: Sun, 3 Dec 1995 21:30:56 -0800 (PST)
Cc: linux-alert@tarsier.cv.nrao.edu, linux-security@tarsier.cv.nrao.edu,
big-linux@netspace.org
In-Reply-To: <199512040028.TAA06752@tarsier.cv.nrao.edu> from "Jeff Uphoff" at Dec 3, 95 07:28:20 pm
Not to downplay the seriousness of this hole, because it does exist,
but myself and my coworkers have found that if you do not run keyserv
on your NIS master/slaves the hole can not be exploited in it's current
form in SunOS 4.1.x.
Whether or not a keyserv exists for Linux I still wouldn't discount
this hole because Linux still runs many ports of the BSD servers.
A few cents more,
Greg.
[mod: quoting trimmed --okir]
--
Greg "TwoTone" Spiegelberg - SAIC
UNIX/NetWare Network & Systems Administrator
greg@ridgecrest.ca.us - RidgeNET, ISP
gspiegel@vislab.navy.mil - Naval Air Warfare Center (Weapons), China Lake, Ca
