Description
ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.
Affected products
- slackware / slackware_linux2.1 – 2.1
- slackware / slackware_linux2.2 – 2.2
- slackware / slackware_linux2.3 – 2.3
- sun / sunos4.1.3 – 4.1.3
- sun / sunos4.1.4 – 4.1.4