SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#327281

Solaris rpc.yppasswdd does not adequately check input allowing users to execute arbitrary code

Overview

A remotely exploitable buffer overflow exists in the 'rpc.yppasswd' service on Solaris 2.6, 2.7, and 2.8.

I. Description

Network Information Service (NIS) provides a simple network lookup service consisting of databases and processes. Its purpose is to provide information, that has to be known throughout the network, to all machines on the network. Information likely to be distributed by NIS might be login names and/or group information. A remotely exploitable buffer overflow exists in the 'rpc.yppasswd' service. This vulnerability could allow a remote intruder to execute arbitrary code with superuser privileges on an NIS master server. Note that only NIS master servers running the rpc.ypasswdd process are affected. For more information, please see this Sun Alert.

II. Impact

Remote intruders can execute arbitrary code with super user privileges on a NIS master server.

III. Solution

Contact vendor for patches.

If you cannot immediately patch your systems, the following are suggested workarounds until a patch can be applied:

  • Stop the rpc.yppasswd process. Note that by stopping this service, all users in the NIS domain will be unable to change their NIS password.
  • Enable non-executable user program stacks in the kernel by adding the following lines to the NIS servers "/etc/system" file:
set noexec_user_stack = 1
set noexec_user_stack_log = 1

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=salert%2F27486&zone_32=yppasswd%2A%20%202748%2A%20
http://www.incidents.org/news/yppassword.php
http://archives.neohapsis.com/archives/bugtraq/2001-05/0273.html

Credit

This document was written by Ian A. Finlay.

Other Information

Date Public:2001-07-05
Date First Published:2001-10-04
Date Last Updated:2002-12-18
CERT Advisory: 
CVE-ID(s):CVE-2001-0779
NVD-ID(s):CVE-2001-0779
US-CERT Technical Alerts: 
Metric:31.39
Document Revision:41

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2001 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader