Description
This indicates an attempt to exploit remote command execution in rpc.ypupdated.
A vulnerability exists in the Network Information Service (NIS) update daemon. Due to insufficient user input validation, a remote attacker can execute arbitrary commands with root privileges on a target system.

Impact
Attackers can execute arbitrary commands on the victim's system.

Affected Products
Sun SunOS 4.1.4 -JL
Sun SunOS 4.1.4
Sun SunOS 4.1.3 c
Sun SunOS 4.1.3 _U1
Sun SunOS 4.1.3
Sun SunOS 4.1.2
Sun SunOS 4.1.1
Sun SunOS 4.1 PSR_A
Sun SunOS 4.1
Sun Solaris 9
Sun Solaris 8
Sun Solaris 10
SGI IRIX 6.0.1 XFS
SGI IRIX 6.0.1
SGI IRIX 6.0
SGI IRIX 5.3 XFS
SGI IRIX 5.3
SGI IRIX 5.2
SGI IRIX 5.1.1
SGI IRIX 5.1
SGI IRIX 5.0.1
SGI IRIX 5.0
SGI IRIX 4.0.5 IPR
SGI IRIX 4.0.5 H
SGI IRIX 4.0.5 G
SGI IRIX 4.0.5 F
SGI IRIX 4.0.5 E
SGI IRIX 4.0.5 D
SGI IRIX 4.0.5 A
SGI IRIX 4.0.5 (IOP)
SGI IRIX 4.0.5
SGI IRIX 4.0.4 T
SGI IRIX 4.0.4 B
SGI IRIX 4.0.4
SGI IRIX 4.0.3
SGI IRIX 4.0.2
SGI IRIX 4.0.1 T
SGI IRIX 4.0.1
SGI IRIX 4.0
SGI IRIX 3.3.3
SGI IRIX 3.3.2
SGI IRIX 3.3.1
SGI IRIX 3.3
SGI IRIX 3.2
NEC UX/4800 (64)
NEC UP-UX/V (Rel4.2MP)
NEC EWS-UX/V (Rel4.2MP)
NEC EWS-UX/V (Rel4.2)
IBM AIX 4.1
IBM AIX 3.2
HP HP-UX 10.20
HP HP-UX 10.10
HP HP-UX 10.1 0
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00

Aliases
NIS.YPUpdated.TCP
NIS.YPUpdated.UDP

References
http://www.securityfocus.com/bid/1749
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0208
http://www.milw0rm.com/exploits/5366
http://www.cert.org/advisories/CA-1995-17.html
http://www.milw0rm.com/exploits/5282

Recommended Actions
Apply appropriate patches and/or upgrade the program to the latest non-vulnerable version.