Vulnerability Name:

CVE-2002-1232 (CCN-10423)

Assigned:2002-08-10
Published:2002-08-10
Updated:2016-10-18
Summary:Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CALDERA
Type: UNKNOWN
CSSA-2002-054.0

Source: CCN
Type: SCO Security Advisory CSSA-2002-054.0
Linux: exploitable memory leak in ypserv

Source: CCN
Type: Freshmeat Newsletter Sat Aug 10 2002 - 23:10:08 CDT
[fm-news] Newsletter for Saturday, August 10th 2002

Source: MITRE
Type: CNA
CVE-2002-1232

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:539

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:539
Ypserv memory leak

Source: BUGTRAQ
Type: UNKNOWN
20021028 GLSA: ypserv

Source: HP
Type: UNKNOWN
HPSBTL0210-074

Source: CCN
Type: RHSA-2002-223
Updated ypserv packages fixes memory leak

Source: CCN
Type: RHSA-2002-224
ypserv security update

Source: CCN
Type: RHSA-2003-229
Updated ypserv packages fix various vulnerabilities

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-180

Source: DEBIAN
Type: DSA-180
nis -- information leak

Source: XF
Type: Vendor Advisory
ypserv-map-memory-leak(10423)

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:078

Source: CCN
Type: Linux NIS/NIS+ Projects Web site
ypserv NEWS -- history of user-visible changes.

Source: CCN
Type: Gentoo Linux Security Announcement 200210-010
ypserv

Source: REDHAT
Type: Patch
RHSA-2002:223

Source: REDHAT
Type: UNKNOWN
RHSA-2002:224

Source: REDHAT
Type: UNKNOWN
RHSA-2003:229

Source: BID
Type: Patch, Vendor Advisory
6016

Source: CCN
Type: BID-6016
YPServ Remote Network Information Leakage Vulnerability

Source: XF
Type: UNKNOWN
ypserv-map-memory-leak(10423)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:powerpc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:sparc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:hp:secure_os:1.0:*:linux:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:i386:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:pseries:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:iseries:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:180
    V
    		information leak
    2002-10-21
    BACK
    debian debian linux 2.2
    debian debian linux 2.2
    debian debian linux 2.2
    debian debian linux 2.2
    debian debian linux 2.2
    debian debian linux 2.2
    debian debian linux 2.2
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    hp secure os 1.0
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 7.0
    redhat linux 7.0
    redhat linux 7.0
    redhat linux 7.1
    redhat linux 7.1
    redhat linux 7.1
    redhat linux 7.2
    redhat linux 7.2
    redhat linux 7.3
    redhat linux 7.3
    redhat linux 6.2
    debian debian linux 2.2
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    conectiva linux 6.0
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    conectiva linux 7.0
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    mandrakesoft mandrake linux 8.2
    conectiva linux 8.0
    redhat linux 7.3
    debian debian linux 3.0
    gentoo linux *
    mandrakesoft mandrake linux 9.0
    redhat enterprise linux 2.1
    redhat linux advanced workstation 2.1
    redhat linux 7.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2