Bugtraq mailing list archives

Re: Returned post for bugtraq () securityfocus com


From: Dan Stromberg <strombrg () nis acs uci edu>
Date: Tue, 29 May 2001 11:24:12 -0700

On Tue, May 29, 2001 at 06:38:15AM -0000, bugtraq-owner () securityfocus com wrote:

Kukuk's rpc.yppasswdd builds without a great deal of wrestling on
Solaris 2.6.  There was one undef function, probably svc_getcaller,
but it's only used in a log message, so it's easy to just eliminate.
This could conceivably be a more complete temporary solution than
setting up noexec_user_stack (though both might be best).

It sure would be nice if Sun would at least acknowledge the problem.

On Mon, May 28, 2001 at 02:14:23PM -0400, Jose Nazario wrote:
The best solution is to firewall your box(es) that are running NIS from
the internet. However this will not stop the insider attack.

Sun has not released an official patch for this yet. A workaround 1) would
be to turn off yppasswdd. This is around line 133 or so in
/usr/lib/netsvc/yp/ypstart. Just comment it out. The hack doesn't appear
to work if yppassword is disabled with NIS still running. Please note in
doing this, yppassword is not running and users cannot change their
password.

Another workaround 2), if you still need to run yppassword, is to do
the following:

set noexec_user_stack = 1
set noexec_user_stack_log = 1
in /etc/system (after a reboot of course)

Of course a different exploit could work around that but hopefully this
will permit people to use yppasswd until a patch is forthcoming. This step
has not been tested yet.

-- 
Dan Stromberg                                               UCI/NACS/DCS
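
The following is an added example, not part of the original thread: a read-only check of which of the two workarounds quoted above is configured on a host. The function names are hypothetical. It assumes that `*` starts a comment line in /etc/system and `#` starts one in ypstart, and that any uncommented mention of rpc.yppasswdd in ypstart means the daemon is still started.

```shell
#!/bin/sh
# Added example: checks which of the thread's two workarounds is configured.
# It reads files only; /etc/system changes take effect after a reboot.

# Print the value of "set NAME = VALUE" in an /etc/system style file.
# Lines starting with '*' are comments; the last assignment found is reported.
system_tunable() {  # system_tunable FILE NAME
    awk -v name="$2" '
        /^[ \t]*\*/ { next }
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            if (split(line, kv, "=") != 2) next
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == name) val = kv[2]
        }
        END { if (val != "") print val }' "$1"
}

# Print "LINENO: text" for every uncommented line that mentions rpc.yppasswdd.
# Heuristic (assumption): any such line means the daemon is still started.
active_yppasswdd_lines() {  # active_yppasswdd_lines FILE
    awk '!/^[ \t]*#/ && /rpc\.yppasswdd/ { print NR ": " $0 }' "$1"
}

# Return 0 when at least one workaround is in place, 1 otherwise.
audit() {  # audit SYSTEM_FILE YPSTART_FILE
    stack=yes
    for t in noexec_user_stack noexec_user_stack_log; do
        v=$(system_tunable "$1" "$t")
        echo "$t = ${v:-unset}"
        [ "$v" = "1" ] || stack=no
    done
    live=$(active_yppasswdd_lines "$2")
    if [ -n "$live" ]; then
        echo "rpc.yppasswdd still referenced in $2:"; echo "$live"
    else
        echo "rpc.yppasswdd is not started by $2"
    fi
    [ "$stack" = yes ] || [ -z "$live" ]
}

# Run against the paths named in the thread only when invoked with "run".
if [ "${1:-}" = "run" ]; then
    audit /etc/system /usr/lib/netsvc/yp/ypstart
fi
```

The printed line numbers show which ypstart lines still need commenting out for workaround 1.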
