CVE-2002-1232 — nis - information leak

Description

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

How to fix CVE-2002-1232

To remediate CVE-2002-1232, upgrade the affected package to a fixed version below.

Debian/nis—upgrade to 3.9-6.2 or later
Debian/nis—upgrade to 3.9-6.1 or later

Is CVE-2002-1232 being exploited?

Low — EPSS is 4.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 3.9-6.2
from 0, < 3.9-6.1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2002-1232