Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!husc6!rice!sun-spots-request
From: graham%ee.surrey.ac.uk@nss.cs.ucl.ac.uk (Graham J Carpenter)
Newsgroups: comp.sys.sun
Subject: Re: Serious security problem with yppasswdd
Message-ID: <27528.8902011010@Valar.ee.surrey.ac.uk>
Date: 10 Feb 89 05:51:15 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 23
Approved: Sun-Spots@rice.edu
Original-Date: Wed, 1 Feb 89 10:10:41 WET
X-Sun-Spots-Digest: Volume 7, Issue 149, message 1 of 13

>This bug apparently exists in all known yp implementations:  3.x, 4.0,
>4.0.1, and even implementations that aren't Sun's.  Our system manager
>called Sun for a patch tape, but I haven't heard yet...  --wnl

Does anyone have a Sun Bug Report ID number for this? It's easier to refer
to an existing bug report than to try and describe to Software Support
details of a bug about which we have no details.

--

Graham Carpenter - graham@ee.surrey.ac.uk
Dept of Electronic and Electrical Engineering
University of Surrey, Guildford, Surrey, GU2 5XH.

[[ Sure.  We have the tape now.  It has new 4.0 executables (for 010, 020,
and sparc) for in.ftpd, sendmail, sendmail.mx, ypbind, rpc.yppasswdd, and
portmap.  There are also 3.5 versions for ypbind and rpc.yppasswdd.  These
are fixes for the following Bug IDs: 1015127, 1015111, 1016711, 1015128,
1016786, 1010710.  But I have it on reasonably good authority (not from
within Sun) that the yppasswdd fix is still not sufficient.  Those
concerned should seriously consider joining the mailing list "Sun-Nets".
Mail requests to "Sun-Nets-request@brillig.umd.edu".  This is being
discussed fairly regularly there.  --wnl ]]