20th Nov 2002 [SBWID-5829]
COMMAND

	ypserv memory leak

SYSTEMS AFFECTED

	ypserv 2.5 and earlier

PROBLEM

	Thanks to Mandrake advisory [MDKSA-2002:078] :
	
	Problem Description:
	
	 A memory leak that could be triggered remotely was discovered in ypserv
	 2.5 and earlier.  This could lead to a Denial of Service as repeated
	 requests for a non-existant map will result in ypserv consuming more
	 and more memory, and also running more slowly.  If the system runs out
	 of available memory, ypserv would also be killed.
	
	References:
	
	  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825
	  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0374
	  http://www.kb.cert.org/vuls/id/738331
	  http://www.padl.com/Articles/PotentialBufferOverflowin.html
	

SOLUTION

	New package available (latest is 2.5-1)