Date: Sun, 15 Jun 2003 14:29:43 +0100 From: Mark Murray <mark@grondar.org> To: Martin Blapp <mb@imp.ch> Cc: current@freebsd.org Subject: Re: HEADS UP: rpc.yppasswdd working again Message-ID: <200306151329.h5FDThHh077681@grimreaper.grondar.org> In-Reply-To: Your message of "Sun, 15 Jun 2003 12:50:03 %2B0200." <20030615124438.U60004@cvs.imp.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
Martin Blapp writes: > > Small, but important message for NIS users. > > All users who had problems with NIS should rebuild their > world. Long outstanding problems have been fixed and > rpc.yppasswdd allows root again to change passwords > on ypmaster without knowledge of the users password. Does this not create a vulnerability? Example: Bad Guy sets up a personal workstation with himself as root and steals an IP address from the machine he just switched off. Now he can change passwords on the server at will. M -- Mark Murray iumop ap!sdn w,I idlaH
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200306151329.h5FDThHh077681>