oss-sec mailing list archives
Re: CVE id request: GNU libc: NIS shadow password leakage
From: Josh Bressers <bressers () redhat com>
Date: Mon, 11 Jan 2010 08:15:17 -0500 (EST)
----- "Christoph Pleger" <Christoph.Pleger () cs tu-dortmund de> wrote:
I did a little testing with a Linux NIS client and a Linux NIS server, also with the same client and a Solaris NIS server. I used tcpdump to look at the network traffic and saw that, when ypcat is called as root, it uses privileged ports. Of course, when called by a non-root user, it only uses non-privileged ports. It seems that Linux NIS servers as well as Solaris NIS servers expect that the request is sent from a privileged port when someone wants to look at the "secret" maps, so it is not possible for every user to see the encrypted NIS passwords, but only for root. This is still a security risk in an environment where every user can connect his or her own notebook, but that's another problem.
I was mistaken, this certainly deserves a CVE id.
Please use CVE-2010-0015
Thanks.
--
JB
Current thread:
- CVE id request: GNU libc: NIS shadow password leakage Aurelien Jarno (Jan 07)
- Re: CVE id request: GNU libc: NIS shadow password leakage Josh Bressers (Jan 08)
- Re: CVE id request: GNU libc: NIS shadow password leakage Christoph Pleger (Jan 08)
- Re: CVE id request: GNU libc: NIS shadow password leakage Tomas Hoger (Jan 11)
- Re: CVE id request: GNU libc: NIS shadow password leakage Christoph Pleger (Jan 11)
- Re: CVE id request: GNU libc: NIS shadow password leakage Josh Bressers (Jan 11)
- Re: CVE id request: GNU libc: NIS shadow password leakage Christoph Pleger (Jan 08)
- Re: CVE id request: GNU libc: NIS shadow password leakage Josh Bressers (Jan 08)