rpc.ypupdated command injection vulnerability
Added: 03/28/2008
CVE: CVE-1999-0208
BID: 1749
OSVDB: 11517
Background
Network Information Service (NIS) is a distributed database that allows you to maintain consistent configuration files throughout your network. rpc.ypupdated is an NIS service which is responsible for duplicating information from the master NIS server to slave servers.
Problem
A command injection vulnerability in rpc.ypupdated allows remote attackers to execute arbitrary commands by sending an Update command with a map name containing invalid characters, which are interpreted by the shell when invoking the make command.
Resolution
Apply a patch from the vendor, or disable the rpc.ypupdated service.
References
http://secunia.com/advisories/29454/
http://www.cert.org/advisories/CA-1995-17.html
Limitations
Exploit works on Solaris 10 and requires the rpc.ypupdated program to be running with the -i option.
Platforms
SunOS
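
The Problem section above describes a map name reaching the shell that runs make. The C sketch below is an added example, not the vendor's patch or rpc.ypupdated source: it shows the two defensive steps that close this class of bug, an allowlist check on the map name and running make through execv with no shell. The function names, the allowed character set, MAX_MAP_NAME, make_path and dir are assumptions made for the illustration.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_MAP_NAME 64 /* assumed limit for this sketch */

/* Accept only plain map names such as "passwd.byname":
 * ASCII letters, digits, '.', '_' and '-'. */
int map_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || strlen(name) > MAX_MAP_NAME)
        return 0;
    /* A leading '-' would reach make as an option; '.' covers "..". */
    if (name[0] == '-' || name[0] == '.')
        return 0;
    for (const char *p = name; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(c < 128 && isalnum(c)) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Run make for one map with no shell in between: the name is a single
 * argv element, so it is never parsed as shell syntax. Returns make's
 * exit status, or -1 if the name is rejected or the child fails to run. */
int update_map(const char *make_path, const char *dir, const char *name)
{
    int status;
    pid_t pid;

    if (!map_name_is_safe(name))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "make", (char *)name, NULL };
        if (chdir(dir) == 0)
            execv(make_path, argv);
        _exit(127); /* chdir or execv failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Either step alone removes the shell interpretation of the map name; doing both also keeps unexpected names away from make itself.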