Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 11 Jan 2010 08:15:17 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Tomas Hoger <thoger@...hat.com>
Subject: Re: CVE id request: GNU libc: NIS shadow password
   leakage

----- "Christoph Pleger" <Christoph.Pleger@...tu-dortmund.de> wrote:
> 
> I did a little testing with a Linux NIS client and a Linux NIS server,
> also with the same client and a Solaris NIS server. I used tcpdump to
> look at the network traffic and saw that, when ypcat is called as root,
> it uses privileged ports. Of course, when called by a non-root user, it
> only uses non-privileged ports.
> 
> It seems that Linux NIS servers as well as Solaris NIS servers expect
> that the request is sent from a privileged port when someone wants to
> look at the "secret" maps, so it is not possible for every user to see
> the encrypted NIS passwords, but only for root. This is still a security
> risk in an environment where every user can connect his or her own
> notebook, but that's another problem.
> 

I was mistaken, this certainly deserves a CVE id.

Please use CVE-2010-0015

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.