Notified: August 28, 2002 Updated: September 03, 2002
Not Affected
Mac OS X and Mac OS X Server do not contain the vulnerability described in this report.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: September 04, 2002
Not Affected
Cray Inc. is not vulnerable as it does not include the ypxfrd daemon as part of its NIS implementation.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: October 30, 2002
Not Affected
Debian is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: September 18, 2002
Not Affected
This vulnerability does not exist in FreeBSD's implementation of the NIS map transfer server, rpc.ypxfrd(8).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: October 10, 2002
Affected
The AIX operating system is vulnerable to the issue detailed above in the advisory. This affects AIX releases 4.3.3 and 5.1.0 An efix package for this issue will be available from the IBM software ftp site by 10/16/2002 at the latest. The package will be located at: ftp://ftp.software.ibm.com/aix/efixes/security/ypserv_efix.tar.Z The efix packages can be downloaded via anonymous ftp from ftp.software.ibm.com/aix/efixes/security. This directory contains a README file that gives further details on the efix packages. The APARs for this vulnerability are: AIX 4.3.3: IY34800 ( available approx 10/16/2002 ) AIX 5.1.0: IY34664 ( currently available )
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: October 11, 2002
Not Affected
MandrakeSoft products are not vulnerable as we use an independent version from Thorsten Kukuk.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: September 24, 2002
Not Affected
sent on September 24, 2002 [Server Products] * EWS/UP 48 Series operating system - is NOT vulnerable, since it does not support ypxfrd(1M).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: September 05, 2002
Not Affected
We do not have this daemon. Various internal database formats made it very difficult for us to write code that would use this protocol; so we instead transfer maps using the older -- slower -- method.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Not Affected
Red Hat products are not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Not Affected
IRIX is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: October 10, 2002
Affected
The Solaris ypxfrd(1M) and ypserv(1M) daemons ares affected by this issue in all currently supported versions of Solaris: Solaris 2.6, 7, 8, and 9 Patches are being generated for all of the above releases. Sun will be publishing Sun Alert #47903 for this issue shortly. The Sun Alert will be available from: http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert%2F47903 The patches will be availble from: http://sunsolve.sun.com/securitypatch
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Not Affected
The implementation that we are using in all currently supported SuSE products is independent code from Thorsten Kukuk
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: September 18, 2002
Affected
SCO OpenServer is vulnerable to this issue, and we are currently working on a fix. Caldera OpenLinux is also vulnerable, and a fix is in progress. SCO Open UNIX and SCO UnixWare are not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 28, 2002 Updated: August 29, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.