ypbind as shipped in Red Hat Linux 5.x and 6.x is vulnerable to a local root exploit. All systems making use of NIS services are encouraged to upgrade.
Systems using Network Information Service, or NIS, use a daemon called ypbind to request information from a NIS server. This information is then used by the local machine. The logging code in ypbind is vulnerable to a printf format string attack, which an attacker could exploit by passing ypbind a carefully crafted request. This attack can successfully lead to local root access. This problem has been corrected with these new packages.
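The bug class described above, shown as an added example that is not ypbind's source and not part of the original advisory: a hypothetical daemon logging wrapper with the vulnerable call noted in a comment beside the corrected one. The names `log_msg`, `count_conversions`, `last_line` and the sample request string are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical daemon logging wrapper (not ypbind's source).
 * Formats the caller's message once, then hands the result to syslog. */
static char last_line[256];   /* copy of the last rendered line, for inspection */

/* Count '%' conversions that would be interpreted if `s` were used as a
 * format string ("%%" is a literal percent and is not counted). */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

const char *log_msg(int prio, const char *fmt, ...)
{
    char buf[256];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);   /* fmt is a trusted literal */
    va_end(ap);

    /* VULNERABLE form: syslog(prio, buf);
     * buf now contains request data, so any conversion in it would be
     * parsed a second time as a format directive. */

    /* Hardened form: the rendered text is passed as data, never as format. */
    syslog(prio, "%s", buf);

    snprintf(last_line, sizeof last_line, "%s", buf);
    return last_line;
}

int main(void)
{
    const char *req = "domain%x%n";        /* constructed untrusted input */
    printf("conversions in input: %d\n", count_conversions(req));
    printf("logged: %s\n", log_msg(LOG_ERR, "bad request for '%s'", req));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag calls of the vulnerable form, where a non-literal string is the only argument to a printf-style function.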