PT-2002-1022 · Debian · Debian

Published: 2002-11-04 · Updated: 2016-10-18 · CVE-2002-1232

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Debian GNU/Linux NIS package versions 3.9 and earlier
ypserv versions before 2.5

Description

The issue concerns multiple vulnerabilities in the NIS package of Debian GNU/Linux, which can be exploited remotely to disrupt the availability of protected information. A memory leak in the ypdb_open function in yp_db.c for ypserv before version 2.5 allows remote attackers to cause a denial of service by consuming memory via a large number of requests for a non-existent map.

Recommendations

For Debian GNU/Linux NIS package versions 3.9 and earlier, update to a version later than 3.9 to resolve the issue. For ypserv versions before 2.5, update to version 2.5 or later to fix the memory leak vulnerability. As a temporary workaround, consider restricting access to the ypdb_open function in yp_db.c to minimize the risk of exploitation.

Fix

Related Identifiers

BDU:2015-03376
CVE-2002-1232
DSA-180

Affected Products

Debian