OSVDB ID: 25852

Title: FreeBSD ypserv securenets Access Control Failure

Dates

Disclosure: May 31, 2006
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

FreeBSD contains a flaw that may allow "securenets" access restrictions to be inadvertently disabled. The issue is triggered when a change in the build process causes ypserv to fail to load or process the networks and hosts specified in the /var/yp/securenets file. It is possible that the flaw may allow access to NIS maps, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Misconfiguration
Impact: Loss of Integrity
Disclosure: OSVDB Verified

Solution

Upgrade to 5-STABLE or 6-STABLE, or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, or RELENG_5_3 security branch dated after the correction date, as this has been reported to fix the vulnerability. In addition, FreeBSD has released a patch for some older versions. It is also possible to mitigate the flaw with the following workaround: use /etc/hosts.allow for access control, or configure a firewall to restrict access.

Products

FreeBSD Project

FreeBSD

5.3
5.4
5.5
6.0
6.1

Credit

  • Hokan


Direct URL: http://osvdb.org/25852