Description
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
References (11)
Core References
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://online.securityfocus.com/advisories/4605
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-229.html
Various Sources vendor-advisory
x_refsource_caldera
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-180
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-224.html
Various Sources vendor-advisory
x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10423.php
Vendor Advisory vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
Patch vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-223.html
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6016
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103582692228894&w=2
Scores
EPSS
0.0445
EPSS Percentile
89.2%
Details
Status
published
Products (8)
debian/debian_linux
2.2 (7 CPE variants)
debian/debian_linux
3.0 (11 CPE variants)
hp/secure_os
1.0
redhat/linux
6.2 (4 CPE variants)
redhat/linux
7.0 (3 CPE variants)
redhat/linux
7.1 (3 CPE variants)
redhat/linux
7.2 (2 CPE variants)
redhat/linux
7.3 (2 CPE variants)
Published
Nov 04, 2002
Tracked Since
Feb 18, 2026