Description
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
Products
- Debian Debian Linux 2.2
- Debian Linux 2.2 for 68k
- Debian Linux 2.2 for Alpha
- Debian Linux 2.2 for ARM
- Debian Linux 2.2 for IA-32
- Debian Linux 2.2 for PowerPC
- Debian Linux 2.2 for SPARC
- Debian Debian Linux 3.0
- Debian Linux 3.0 on Alpha
- Debian Linux 3.0 on ARM
- Debian Linux 3.0 on HPPA
- Debian Linux 3.0 on IA-64
- Debian Linux 3.0 on M68k
- Debian Linux 3.0 on MIPS
- Debian Linux 3.0 on MIPSEL
- Debian Linux 3.0 on PPC
- Debian Linux 3.0 on S/390
- Debian Linux 3.0 on SPARC
- HP Secure OS 1.0 for Linux
- Red Hat Linux 6.2
- Red Hat Linux 6.2 on Alpha
- Red Hat Linux 6.2 on i386
- Red Hat Linux 6.2 on SPARC
- Red Hat Linux 7.0
- Red Hat Linux 7.0 on Alpha
- Red Hat Linux 7.0 on i386
- Red Hat Linux 7.1
- Red Hat Linux 7.1 on i386
- Red Hat Linux 7.1 on IA64
- Red Hat Linux 7.2
- Red Hat Linux 7.2 on IA64
- Red Hat Linux 7.3
- Red Hat Linux 7.3 on I386
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-1232, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-1232 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References