[CentOS] NIS failover

Thu Dec 17 20:06:05 UTC 2009
Stephen Harris <lists at spuddy.org>

On Thu, Dec 17, 2009 at 01:50:16PM -0600, John R. Dennison wrote:
> 	Out of curiousity, can you point me to writeups of known working
> 	exploits against current yp-family versions on CentOS?

The problem isn't an exploit of the specific tools; the whole mechanism
is insecure, unless you use secureRPC everywhere.

For example, there's no verification that the server you are bound to
is, indeed, a valid server for the network and not a rogue sending out
bad data.  (Opens you to many MITM attacks).

Exposure of passwords?  Well, the crypt string, anyway.  If you're not
using md5 password encryption everywhere then you've opened yourself to
simple brute-force attacks on your network.

No validation that client machines are authorized to see the data (I
plug a machine into your network and can grab all the data from NIS,
to hack against in my own time... and forget about the pseudo 'shadow'
map in that case!)

And so on.

-- 

rgds
Stephen