FreeBSD contains a flaw that may allow "securenets" access restrictions to be inadvertantly disabled. The issue is triggered when a change in the build process caused ypserv to fail to load or process the networks and hosts specified in the /var/yp/securenets file. It is possible that the flaw may allow access to NIS maps resulting in a loss of integrity.

Upgrade to version 5-STABLE or 6-STABLE, or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, or RELENG_5_3 security branch dated after the correction date or higher, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions. It is also possible to correct the flaw by implementing the following workaround: use /etc/hosts.allow for access control or configure a firewall to restrict access.

• CVE ID: 2006-2655 (see also: NVD)
• Secunia Advisory ID: 20389
• SCIP VulDB ID: 2274
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0702.html
• Packet Storm: http://packetstormsecurity.org/advisories/freebsd/FreeBSD-SA-06-15.ypserv.txt
• Other Advisory URL: http://security.freebsd.org/advisories/FreeBSD-SA-06:15.ypserv.asc
• Vendor Specific Solution URL: http://security.FreeBSD.org/patches/SA-06:15/ypserv.patch
  http://security.FreeBSD.org/patches/SA-06:15/ypserv.patch.asc
• Vendor URL: http://www.freebsd.org

• Hokan -