On Tue, May 29, 2001 at 06:38:15AM -0000, bugtraq-ownerat_private wrote:

Kukuk's rpc.yppasswdd builds without a great deal of wrestling on Solaris 2.6. There was one undef function, probably svc_getcaller, but it's only used in a log message, so it's easy to just eliminate.

This could conceivably be a more complete temporary solution than setting up noexec_user_stack (though both might be best).

It sure would be nice if Sun would at least acknowledge the problem.

On Mon, May 28, 2001 at 02:14:23PM -0400, Jose Nazario wrote:
> The best solution is to firewall your box(es) that are running NIS from
> the internet. However this will not stop the insider attack.
>
> Sun has not released an official patch for this yet. A workaround 1) would
> be to turn off yppasswdd. This is around line 133 or so in
> /usr/lib/netsvc/yp/ypstart. Just comment it out. The hack doesn't appear
> to work if yppassword is disabled with NIS still running. Please note in
> doing this, yppassword is not running and users cannot change their
> password.
>
> Another work around 2) is if you still need to run yppassword is to do
> the following:
>
> set noexec_user_stack = 1
> set noexec_user_stack_log = 1
> in /etc/system (after a reboot of course)
>
> Of course a different exploit could work around that but hopefully this
> will permit people to use yppasswd until a patch is forthcoming. This step
> has not been tested yet.

--
Dan Stromberg UCI/NACS/DCS
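An added example, not part of the original thread: a small audit script that reports which of the two workarounds quoted above is not in place, given a copy of /etc/system and of /usr/lib/netsvc/yp/ypstart. The function names are hypothetical, the ypstart check is a heuristic (the thread does not show the file's contents), and the demo input is constructed.

```shell
#!/bin/sh
# Added example: audit the two workarounds from this thread on a Solaris host.

# system_setting FILE NAME: print the value of the last active
# "set NAME = VALUE" line. Lines starting with '*' (or '#') are skipped as comments.
system_setting() {
    awk -v name="$2" '
        /^[ \t]*[*#]/ { next }
        {
            line = $0
            if (!sub(/^[ \t]*set[ \t]+/, "", line)) next
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == name) found = val
        }
        END { if (found != "") print found }' "$1"
}

# yppasswdd_active_lines FILE: print numbered, non-commented lines that
# mention yppasswdd (heuristic; review each hit by hand).
yppasswdd_active_lines() {
    grep -n 'yppasswdd' "$1" | grep -v '^[0-9]*:[[:space:]]*#' || true
}

# audit SYSTEM_FILE YPSTART_FILE: print findings; exit status = finding count.
audit() {
    findings=0
    for var in noexec_user_stack noexec_user_stack_log; do
        val=$(system_setting "$1" "$var")
        if [ "$val" != "1" ]; then
            echo "FINDING: $var is '${val:-unset}' in $1 (want 1)"
            findings=$((findings + 1))
        fi
    done
    active=$(yppasswdd_active_lines "$2")
    if [ -n "$active" ]; then
        echo "FINDING: yppasswdd still referenced on active lines of $2:"
        echo "$active"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed sample files (not copied from a real host).
demo=$(mktemp -d)
printf '%s\n' '* sample' 'set noexec_user_stack = 1' '* set noexec_user_stack_log = 1' > "$demo/system"
printf '%s\n' '# sample' '$YPDIR/rpc.yppasswdd' > "$demo/ypstart"
audit "$demo/system" "$demo/ypstart" || echo "$? finding(s)"
rm -rf "$demo"
```

The script reads the files only; a value set in /etc/system applies to the running kernel after the reboot the quoted message mentions.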
This archive was generated by hypermail 2b30 : Wed May 30 2001 - 13:00:18 PDT