On Tue, May 29, 2001 at 06:38:15AM -0000, [EMAIL PROTECTED] wrote:
Kukuk's rpc.yppasswdd builds without a great deal of wrestling on
Solaris 2.6. There was one undef function, probably svc_getcaller,
but it's only used in a log message, so it's easy to just eliminate.
This could conceivably be a more complete temporary solution than
setting up noexec_user_stack (though both might be best).
It sure would be nice if Sun would at least acknowledge the problem.
On Mon, May 28, 2001 at 02:14:23PM -0400, Jose Nazario wrote:
> The best solution is to firewall your box(es) that are running NIS from
> the internet. However this will not stop the insider attack.
>
> Sun has not released an official patch for this yet. A workaround 1) would
> be to turn off yppasswdd. This is around line 133 or so in
> /usr/lib/netsvc/yp/ypstart. Just comment it out. The hack doesn't appear
> to work if yppassword is disabled with NIS still running. Please note in
> doing this, yppassword is not running and users cannot change their
> password.
>
> Another workaround 2), if you still need to run yppassword, is to do
> the following:
>
> set noexec_user_stack = 1
> set noexec_user_stack_log = 1
> in /etc/system (after a reboot of course)
>
> Of course a different exploit could work around that but hopefully this
> will permit people to use yppasswd until a patch is forthcoming. This step
> has not been tested yet.
--
Dan Stromberg UCI/NACS/DCS
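
An added example, not part of either message in this thread: a shell check that a file in /etc/system format carries the two noexec_user_stack settings quoted above. The function names system_value and check_noexec_stack are hypothetical, and the script assumes that lines starting with "*" or "#" are comments and that a later "set" line overrides an earlier one.

```shell
#!/bin/sh
# Audit an /etc/system-style file for the two settings quoted in the thread.
# Function names are hypothetical; this is not vendor or project code.

# system_value FILE SYMBOL
# Prints the last value assigned to SYMBOL by a "set SYMBOL = VALUE" line,
# or nothing if SYMBOL is never set on an active (uncommented) line.
system_value() {
    awk -v sym="$2" '
        /^[ \t]*[*#]/ { next }            # assumption: "*" or "#" starts a comment
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (line !~ /^set[ \t]/) next
            sub(/^set[ \t]+/, "", line)
            n = index(line, "=")
            if (n == 0) next
            name = substr(line, 1, n - 1)
            val  = substr(line, n + 1)
            gsub(/[ \t]/, "", name)
            gsub(/[ \t]/, "", val)
            if (name == sym) last = val   # assumption: later lines override earlier
        }
        END { if (last != "") print last }
    ' "$1"
}

# check_noexec_stack FILE
# Returns 0 only if both settings are present and equal to 1.
check_noexec_stack() {
    rc=0
    for sym in noexec_user_stack noexec_user_stack_log; do
        val=$(system_value "$1" "$sym")
        if [ "$val" = "1" ]; then
            echo "ok:      $sym = 1"
        else
            echo "missing: $sym (found '${val:-unset}')"
            rc=1
        fi
    done
    return $rc
}

# Run against a file given on the command line, e.g. /etc/system.
if [ $# -gt 0 ]; then
    check_noexec_stack "$1"
fi
```

A passing result describes the file only; as the quoted message notes, the settings take effect after a reboot.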