CVE-2002-1232 - Remote Network Information Leakage vulnerability in YPServ

CVSS 5.0 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: PARTIAL

Tags: network, low complexity, debian, hp, redhat, nessus

Summary

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-180.NASL
    description: Thorsten Kukuck discovered a problem in the ypserv program which is part of the Network Information Services (NIS). A memory leak in all versions of ypserv prior to 2.5 is remotely exploitable. When a malicious user could request a non-existing map the server will leak parts of an old domainname and mapname.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15017
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15017
    title: Debian DSA-180-1 : nis - information leak
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-180. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15017);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2002-1232");
      script_xref(name:"DSA", value:"180");
    
      script_name(english:"Debian DSA-180-1 : nis - information leak");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Thorsten Kukuck discovered a problem in the ypserv program which is
    part of the Network Information Services (NIS). A memory leak in all
    versions of ypserv prior to 2.5 is remotely exploitable. When a
    malicious user could request a non-existing map the server will leak
    parts of an old domainname and mapname."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2002/dsa-180"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the nis package.
    
    This problem has been fixed in version 3.9-6.1 for the current stable
    distribution (woody), in version 3.8-2.1 for the old stable
    distribution (potato) and in version 3.9-6.2 for the unstable
    distribution (sid)."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nis");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2002/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"2.2", prefix:"nis", reference:"3.8-2.1")) flag++;
    if (deb_check(release:"3.0", prefix:"nis", reference:"3.9-6.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2002-078.NASL
    description: A memory leak that could be triggered remotely was discovered in ypserv 2.5 and earlier. This could lead to a Denial of Service as repeated requests for a non-existent map will result in ypserv consuming more and more memory, and also running more slowly. If the system runs out of available memory, ypserv would also be killed.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13976
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13976
    title: Mandrake Linux Security Advisory : ypserv (MDKSA-2002:078)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2002-224.NASL
    description: Updated ypserv packages which fix a memory leak are now available for Red Hat Linux Advanced Server. [Updated 08 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 ypserv is an NIS authentication server. ypserv versions before 2.5 contain a memory leak that can be triggered remotely. When someone requests a map that doesn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12329
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12329
    title: RHEL 2.1 : ypserv (RHSA-2002:224)

Redhat

Advisories

  • rhsa id: RHSA-2002:223
  • rhsa id: RHSA-2002:224
  • rhsa id: RHSA-2003:229