ypbind detected
Created 5/7/02
CAN 2001-1328
Impact
A vulnerability in ypbind could allow a remote
attacker to execute arbitrary commands with root privileges.
Background
NIS is a set of services which provide
centralized account management and system configuration
capabilities for a Unix network. The set of NIS
clients and servers which share a common configuration
is called a domain. ypbind is the
process which binds a domain to an NIS server.
It runs on all NIS clients and servers, and
communicates with the ypserv or rpc.nisd
process running on the NIS server.
The Problem
A buffer overflow condition in ypbind could
allow a local or remote attacker to execute arbitrary commands
with root privileges.
The versions of ypbind included in Solaris 2.4 through
Solaris 8 (SunOS 5.4 through SunOS 5.8) are vulnerable.
Resolution
Install the appropriate patch for your operating system
version. See
Sun Security Bulletin 203 for patch information.
Where can I read more about this?
For more information, see Sun
Security Bulletin 203.