The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openlinux | Caldera | 2.4 | 2.4 |
Openlinux | Caldera | 2.2 | 2.2 |
Sunos | Sun | 5.7 | 5.7 |
Sunos | Sun | 5.8 | 5.8 |
Openserver | Sco | 5.0.5 | 5.0.5 |
Solaris | Sun | 9.0 | 9.0 |
Openserver | Sco | 5.0.6a | 5.0.6a |
Openserver | Sco | 5.0.6 | 5.0.6 |
Openlinux | Caldera | 2.3 | 2.3 |