Note: The red stoplight on this page indicates the highest possible severity for this category of vulnerabilities. The severity level in this case is indicated by the colored dot beside the link to this tutorial on the previous page.
2/21/03
The rpc.yppasswdd included with HP-UX
versions 11.22 and earlier are affected by a similar
but separate vulnerability.
rpc.passwd:
6/13/02
CAN 2002-0357
A vulnerability in rpc.passwd systems that are configured as YP masters
could allow a user to compromise root. The versions of
rpc.passwd included in SGI IRIX versions prior to 6.5.16 are
vulnerable. Versions earlier than 6.5 have not been tested but are assumed
to have the same vulnerability.
Alternatively, disable the yppasswdd service if it is not needed. On the Sun and SCO, this can be done by removing the execute permission from rpc.yppasswdd as follows:
chmod a-x /usr/lib/netsvc/yp/rpc.yppasswddAlso kill the currently running rpc.yppasswdd process as follows:
ps -ef kill <pid of rpc.yppasswdd>where <pid of rpc.yppasswdd> is the process ID of the rpc.yppasswdd process in the output from the ps command.
The above workaround will deny users the ability to change their own passwords.
Any servers running NIS should also be protected by a firewall.
rpc.passwd:
Install patch
4589 from SGI for the IRIX version you have; or upgrade to IRIX 6.5.16
or later.
Alternatively, you can disable the yppasswdd capability by removing execute permission from the rpc.passwd binary and killing any existing process by issuing the following commands:
chmod 444 /usr/etc/rpc.passwd killall rpc.passwd
After doing this, it will be necessary to run the "passwd" program on the NIS master in order to cause NIS password changes.