HEADS UP: rpc.yppasswdd working again
Mark Murray
mark at grondar.org
Sun Jun 15 06:30:04 PDT 2003
Martin Blapp writes:
>
> Small, but important message for NIS users.
>
> All users who had problems with NIS should rebuild their
> world. Long outstanding problems have been fixed and
> rpc.yppasswdd allows root again to change passwords
> on ypmaster without knowledge of the users password.
Does this not create a vulnerability?
Example: Bad Guy sets up a personal workstation with himself as root
and steals an IP address from the machine he just switched off. Now
he can change passwords on the server at will.
M
--
Mark Murray
iumop ap!sdn w,I idlaH
More information about the freebsd-current
mailing list