rpc.ypupdated command injection vulnerability

Added: 03/28/2008
CVE: CVE-1999-0208
BID: 1749
OSVDB: 11517

Background

Network Information Service (NIS) is a distributed database that allows you to maintain consistent configuration files throughout your network. rpc.ypupdated is an NIS service which is responsible for duplicating information from the master NIS server to slave servers.

Problem

A command injection vulnerability in rpc.ypupdated allows remote attackers to execute arbitrary commands by sending an Update command with a map name containing invalid characters, which are interpreted by the shell when invoking the make command.
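The flaw class described above, seen from the defender's side, as an added example (not code from the vendor or from this advisory): an allowlist check on the map name, plus an exec call that keeps the name as a single argument and never passes it through a shell. The function names, the 64-character limit and the make path parameter are assumptions for illustration.

```c
/* Added example; names, limit and make path are assumptions, not vendor code. */
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAP_NAME_MAX 64  /* assumed limit for this example */

/* Return 1 only if the name is non-empty, bounded, does not start with
 * '-' or '.', and consists solely of [A-Za-z0-9._-]. */
int map_name_is_safe(const char *name)
{
    size_t len;
    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > MAP_NAME_MAX) return 0;
    if (name[0] == '-' || name[0] == '.') return 0;
    return strspn(name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                        "abcdefghijklmnopqrstuvwxyz"
                        "0123456789._-") == len;
}

/* Fill argv for execv(): the map name stays one argument and no shell
 * parses it. Returns 0 on success, -1 if the name is rejected. */
int build_make_argv(const char *map, const char *argv[3])
{
    if (!map_name_is_safe(map)) return -1;
    argv[0] = "make";
    argv[1] = map;
    argv[2] = NULL;
    return 0;
}

/* Run make for a validated map; returns make's exit status, or -1. */
int run_map_update(const char *make_path, const char *map)
{
    const char *argv[3];
    int status;
    if (build_make_argv(map, argv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(make_path, (char *const *)argv);
        _exit(127);  /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```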

Resolution

Apply a patch from the vendor, or disable the rpc.ypupdated service.

References

http://secunia.com/advisories/29454/
http://www.cert.org/advisories/CA-1995-17.html

Limitations

The exploit works on Solaris 10 and requires the rpc.ypupdated program to be running with the -i option.

Platforms

SunOS
