bin/96993: /var/yp/securenets does not function in ypbind on 6.0
and 5.3
Hokan
hokan at me.umn.edu
Mon May 8 19:10:21 UTC 2006
>Number: 96993
>Category: bin
>Synopsis: /var/yp/securenets does not function in ypbind on 6.0 and 5.3
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 08 19:10:18 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Hokan
>Release: 6.0 and 5.3
>Organization:
University of Minnesota
>Environment:
FreeBSD rapid.enet.umn.edu 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Fri Jan 20 12:01:56 CST 2006 root at rapid.enet.umn.edu:/usr/src/sys/i386/compile/RAPID i386
FreeBSD temp1.enet.umn.edu 5.3-RELEASE FreeBSD 5.3-RELEASE #1: Tue May 24 14:49:50 CDT 2005 root at temp1.enet.umn.edu:/usr/src/sys/i386/compile/TEMP1 i386
>Description:
securenets file is ignored by ypserv. It is (properly?) used by rpc.yppasswdd.
On these releases anyone on the net can query NIS maps. In a mixed environment, like ours, the passwd map includes passwords. So anyone can look at our encrypted passwords.
>How-To-Repeat:
Set up a NIS server with a restrictive securenets file. Bind to that server with a client not authorized with securenets.
>Fix:
Workaround: use hosts.allow
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list