Updated ypserv packages which fix a denial of service (DoS) vulnerability and a memory leak are now available for Red Hat Linux on IBM iSeries and pSeries systems.
The ypserv package contains the Network Information Service (NIS) server.
For ypserv versions before 2.5, a memory leak was discovered that can be triggered remotely. When someone requests a map that does not exist, a previous mapname may be returned. This happens, for instance, if the command "ypmatch foo aaaaaaaaaaaaaaaaaaaa" is run. Repeatedly running this command will result in the NIS server using more memory and running more slowly. This condition can lead to the ypserv process being killed when the system runs out of memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1232 to this issue.
For ypserv version 2.7 and before, a malicious client can block NIS requests. To do this, the malicious client queries ypserv via TCP and then ignores the server's response. The ypserv daemon will then wait indefinitely for a response from the client indicating it received the message. During this time no other client requests are answered by ypserv, causing a DoS. Versions 2.7 and greater of ypserv have been altered to fork a child process for each client request, thus preventing any one request from causing a DoS. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0251 to this issue.
Red Hat recommends that users of NIS immediately upgrade to the packages contained within this erratum, which are not vulnerable to these
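
The following is an added illustration, not ypserv code and not part of the advisory: a toy loopback TCP server showing why a single-process daemon stops answering once one client ignores its reply, and why forking a child per request contains the stall. The function names, the `req` message and the 32 MiB reply are constructed for the example.

```python
import os, signal, socket

REPLY = b"x" * (32 << 20)  # constructed reply, far larger than the socket buffers

def handle(conn):
    """Answer one request; sendall() blocks while the peer refuses to read."""
    try:
        conn.recv(64)
        conn.sendall(REPLY)
    except OSError:
        pass                      # peer reset the connection
    finally:
        conn.close()

def serve(listener, fork_per_request):
    signal.signal(signal.SIGCHLD, signal.SIG_IGN)  # let the kernel reap children
    while True:
        conn, _ = listener.accept()
        if fork_per_request and os.fork() == 0:
            try:
                handle(conn)      # child: only this request can stall
            finally:
                os._exit(0)
        elif not fork_per_request:
            handle(conn)          # serial: a stalled peer stalls the whole daemon
        conn.close()

def second_client_served(fork_per_request, timeout=1.0):
    """True if a well-behaved client gets its full reply while another
    connection is ignoring the server's response."""
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    pid = os.fork()
    if pid == 0:                  # server process
        try:
            serve(listener, fork_per_request)
        finally:
            os._exit(0)
    listener.close()
    stalled = socket.create_connection(("127.0.0.1", port))
    stalled.sendall(b"req")       # request sent, reply never read
    good = socket.create_connection(("127.0.0.1", port), timeout=timeout)
    good.sendall(b"req")
    got = 0
    try:
        while got < len(REPLY):
            chunk = good.recv(1 << 16)
            if not chunk:
                break
            got += len(chunk)
    except socket.timeout:
        pass                      # server never got around to this client
    finally:
        stalled.close(); good.close()
        os.kill(pid, signal.SIGKILL)
        os.waitpid(pid, 0)
    return got == len(REPLY)
```

`second_client_served(False)` models the single-process design and returns `False`; `second_client_served(True)` models the fork-per-request design and returns `True`.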