YPpasswd version

YPpasswdd Version


Summary

rpc.yppasswdd: A NIS password mangement daemon, rpc.yppasswdd can can be exploited through a buffer overflow attack. Unpatched versions are vulnerable on SunOS 5.6, 5.7, and 5.8.

Impact

A remote intruder can execute commands as root if the buffer overflow attack is successful.

The problem

The rpc.yppasswdd program is exploitable for remote root access. Versions are vulnerable to a buffer overflow attack where a well crafted pattern could execute arbitrary commands as the root user. The successful exploit usually spawns a second occurrence of inetd that creates a shell backdoor (e.g., the rje port)

Fix