Alias(es)NIS.YPPasswd.TCP, NIS.YPPasswd.UDP |
Release DateSep 11, 2006 |
Severitycritical |
ImpactAttackers can gain root access to the victim system. |
DescriptionIt indicates a buffer overflow vulnerability in rpc.yppasswdd server. The yppasswd command allows users to change their Network Information Service (NIS) password. There exists buffer overflow vulnerabilities in rpc.yppasswdd of various Unix distributions. Due to inadequate boundary checking, a remote attacker can gain root privilege on a target system by passing it a specially-crafted rpc.yppassword request. |
Affected ProductsAny unprotected Solaris 2.6, 7 or 8 is vulnerable to the attack. |
Recommended ActionsApply appropriate patches from Sun and/or upgrade the program to the latest non-vulnerable version. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2001-0779 |
Reference/shttp://www.incidents.org/news/yppassword.php |
