[20810] in bugtraq


Re: Returned post for bugtraq@securityfocus.com

daemon@ATHENA.MIT.EDU (Dan Stromberg)
Wed May 30 14:21:20 2001

Date: Tue, 29 May 2001 11:24:12 -0700
From: Dan Stromberg <strombrg@nis.acs.uci.edu>
To: bugtraq@securityfocus.com
Message-ID: <20010529112412.C3281@seki.acs.uci.edu>
In-Reply-To: <Pine.LNX.4.30.0105281412380.28508-200000@biocserver.BIOC.CWRU.Edu>; from jose@biocserver.BIOC.cwru.edu on Mon, May 28, 2001 at 02:14:23PM -0400

On Tue, May 29, 2001 at 06:38:15AM -0000, bugtraq-owner@securityfocus.com wrote:

Kukuk's rpc.yppasswdd builds without a great deal of wrestling on
Solaris 2.6.  There was one undef function, probably svc_getcaller,
but it's only used in a log message, so it's easy to just eliminate.
This could conceivably be a more complete temporary solution than
setting up noexec_user_stack (though both might be best).

It sure would be nice if Sun would at least acknowledge the problem.

On Mon, May 28, 2001 at 02:14:23PM -0400, Jose Nazario wrote:
> The best solution is to firewall your box(es) that are running NIS from
> the internet. However this will not stop the insider attack.
>
> Sun has not released an official patch for this yet. A workaround 1) would
> be to turn off yppasswdd. This is around line 133 or so in
> /usr/lib/netsvc/yp/ypstart. Just comment it out. The hack doesn't appear
> to work if yppassword is disabled with NIS still running. Please note in
> doing this, yppassword is not running and users cannot change their
> password.
>
> Another workaround 2), if you still need to run yppassword, is to do
> the following:
>
> set noexec_user_stack = 1
> set noexec_user_stack_log = 1
> in /etc/system (after a reboot of course)
>
> Of course a different exploit could work around that but hopefully this
> will permit people to use yppasswd until a patch is forthcoming. This step
> has not been tested yet.

--
Dan Stromberg                                               UCI/NACS/DCS
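
Added example, not part of the original post or of any vendor tooling: a POSIX sh check of whether the two workarounds quoted above (the noexec_user_stack settings in /etc/system, and yppasswdd commented out of ypstart) are in place. The function names and the --audit switch are made up for this example; the default paths are the ones named in the post.

```sh
#!/bin/sh
# Added example (not from the thread): report whether the two workarounds
# quoted above are configured. Paths default to the ones named in the post.
SYSTEM_FILE=${SYSTEM_FILE:-/etc/system}
YPSTART=${YPSTART:-/usr/lib/netsvc/yp/ypstart}

# system_var_enabled FILE VAR
# 0 if an active "set VAR = 1" line exists, 1 if not, 2 if FILE is unreadable.
# Lines starting with '*' are comments; '#' is treated the same way here.
# Assumption: when a variable is set more than once, the last active line
# is the effective one.
system_var_enabled() {
    [ -r "$1" ] || return 2
    val=$(sed -e '/^[[:space:]]*[*#]/d' -e 's/[[:space:]]//g' "$1" |
          sed -n "s/^set$2=//p" | tail -1)
    [ "$val" = "1" ]
}

# yppasswdd_start_active FILE
# 0 if any non-comment line still references yppasswdd, 1 if none does,
# 2 if FILE is unreadable.
yppasswdd_start_active() {
    [ -r "$1" ] || return 2
    grep -v '^[[:space:]]*#' "$1" | grep 'yppasswdd' >/dev/null
}

audit_host() {
    for var in noexec_user_stack noexec_user_stack_log; do
        rc=0; system_var_enabled "$SYSTEM_FILE" "$var" || rc=$?
        case $rc in
            0) echo "OK    $var = 1 in $SYSTEM_FILE (effective after reboot)" ;;
            1) echo "WARN  $var not set to 1 in $SYSTEM_FILE" ;;
            *) echo "SKIP  cannot read $SYSTEM_FILE" ;;
        esac
    done
    rc=0; yppasswdd_start_active "$YPSTART" || rc=$?
    case $rc in
        0) echo "WARN  $YPSTART still starts yppasswdd" ;;
        1) echo "OK    yppasswdd start is commented out in $YPSTART" ;;
        *) echo "SKIP  cannot read $YPSTART" ;;
    esac
}

# Run the report only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

The file checks show what is configured, not what the running kernel or a running rpc.yppasswdd process is doing; as the quoted post says, the /etc/system settings apply only after a reboot.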

