FreeBSD ypserv security bypass
freebsd-ypserv-security-bypass (26792)
Description:
A vulnerability in the ypserv utility in FreeBSD could allow a remote attacker to bypass access control restrictions. The securenets file used for restricting access could be disabled during a build process. A remote attacker could exploit this vulnerability to bypass security restrictions.
Platforms Affected:
- FreeBSD, FreeBSD 5.3
- FreeBSD, FreeBSD 5.4
- FreeBSD, FreeBSD 5.5
- FreeBSD, FreeBSD 6.0
- FreeBSD, FreeBSD 6.1
Remedy:
Refer to FreeBSD Security Advisory FreeBSD-SA-06:15 for patch, upgrade, or suggested workaround information. See References.
Consequences:
Bypass Security
References:
- FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv, Inoperative access controls in ypserv(8) at http://security.freebsd.org/advisories/FreeBSD-SA-06:15.ypserv.asc.
- BID-18204: FreeBSD YPServ Inoperative Access Control Vulnerability
- CVE-2006-2655: The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions.
- OSVDB ID: 25852: FreeBSD ypserv securenets Access Control Failure
- SA20389: FreeBSD ypserv Inoperative Access Controls Security Issue
- SECTRACK ID: 1016193: FreeBSD ypserv Does Not Properly Enforce `securenets` Access Controls
Reported:
May 31, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
