CVE

Id
297  
CVE No.
CVE-1999-0298  
Status
Candidate  
Description
ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.  
Phase
Modified (20000524-01)  
Votes
ACCEPT(4) Cole, Dik, Levy, Northcutt | MODIFY(1) Frech | NOOP(3) Baker, Christey, Shostack  
Comments
Christey> ADDREF BID:1441 | URL:http://www.securityfocus.com/bid/1441 | Dik> If you run with "-ypset", then you"re always insecure. | With ypsetme, only root on the local host | can run ypset in Solaris 2.x+. | Probably true for SunOS 4, hence my vote. | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> ADDREF XF:ypbind-ypset-root | CHANGE> [Dik changed vote from REVIEWING to ACCEPT] | Dik> This vulnerability does exist in SunOS 4.x in non default configurations. | In Solaris 2.x, the vulnerability only applies to files named "cache_binding" | and not all files ending in .2 | Both releases are not vulnerable in the default configuration (both | disabllow ypset by default which prevents this problem from occurring)  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
625 297 CVE-1999-0298 NAI:19970205 Vulnerabilities in Ypbind when run with -ypset/-ypsetme  View

Related JVN