On Thu, Dec 17, 2009 at 01:50:16PM -0600, John R. Dennison wrote: > Out of curiousity, can you point me to writeups of known working > exploits against current yp-family versions on CentOS? The problem isn't an exploit of the specific tools; the whole mechanism is insecure, unless you use secureRPC everywhere. For example, there's no verification that the server you are bound to is, indeed, a valid server for the network and not a rogue sending out bad data. (Opens you to many MITM attacks). Exposure of passwords? Well, the crypt string, anyway. If you're not using md5 password encryption everywhere then you've opened yourself to simple brute-force attacks on your network. No validation that client machines are authorized to see the data (I plug a machine into your network and can grab all the data from NIS, to hack against in my own time... and forget about the pseudo 'shadow' map in that case!) And so on. -- rgds Stephen