openvas | Copyright (C) 2008 Tenable Network Security, Inc. and Michel Arboi | OPENVAS:136141256231080036
History: Oct 24, 2008 - 12:00 a.m.

rpc.ypupdated RCE Vulnerability

2008-10-24 00:00:00
Copyright (C) 2008 Tenable Network Security, Inc. and Michel Arboi
plugins.openvas.org
19

AI Score

6.5

Confidence

Low

EPSS

0.548

Percentile

97.7%

ypupdated with the '-i' option enabled is running on this port.

# SPDX-FileCopyrightText: 2008 Tenable Network Security, Inc. and Michel Arboi
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Metadata registration for a deprecated VT covering CVE-1999-0208
# (command execution through rpc.ypupdated, the NIS map update daemon).
# No detection logic is present in this file: the description block only
# registers identifiers, scoring and advisory text, and the script body
# consists of a single exit() call.
if(description)
{
  # Identity and references of the VT.
  script_oid("1.3.6.1.4.1.25623.1.0.80036");
  script_version("2024-06-27T05:05:29+0000");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/1749");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/28383");
  script_cve_id("CVE-1999-0208");
  # CVSS v2 vector: reachable over the network, low access complexity, no
  # authentication, complete impact on confidentiality, integrity and
  # availability, which is why the base score is the maximum 10.0.
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-06-27 05:05:29 +0000 (Thu, 27 Jun 2024)");
  script_tag(name:"creation_date", value:"2008-10-24 20:15:31 +0200 (Fri, 24 Oct 2008)");
  script_name("rpc.ypupdated RCE Vulnerability");
  # ACT_ATTACK: registered in the attack category rather than as a passive
  # or banner-based check.
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2008 Tenable Network Security, Inc. and Michel Arboi");
  script_family("General");

  # Remediation text. It covers two cases: the daemon was started with '-i'
  # (drop the option), or it was not and the service still answers
  # (presumably unpatched against the original flaw, so a vendor patch is
  # needed) -- NOTE(review): second reading is inferred from the wording.
  script_tag(name:"solution", value:"Remove the '-i' option.
  If this option was not set, the rpc.ypupdated daemon is still vulnerable
  to the old flaw. Contact your vendor for a patch.");

  script_tag(name:"summary", value:"ypupdated with the '-i' option enabled is running on this port.");

  # Background: the flaw is an unauthenticated command execution as root,
  # reachable when the daemon runs in its insecure ('-i') mode.
  script_tag(name:"insight", value:"ypupdated is part of NIS and allows a client to update NIS maps.

  This old command execution vulnerability was discovered in 1995 and fixed then. However, it is still
  possible to run ypupdated in insecure mode by adding the '-i' option. Anybody can easily run commands
  as root on this machine by specifying an invalid map name that starts with a pipe character. Exploits
  have been publicly available since the first advisory.");

  # remote_vul: quality-of-detection type declared for a remote check.
  script_tag(name:"qod_type", value:"remote_vul");
  # Mitigation (not a vendor fix): the primary remedy named above is a
  # configuration change.
  script_tag(name:"solution_type", value:"Mitigation");

  # The VT is flagged as deprecated.
  # NOTE(review): with this entry deprecated and its body reduced to an
  # exit, it reports nothing for an exposed rpc.ypupdated; confirm which
  # check, if any, now covers this service before relying on scan results.
  script_tag(name:"deprecated", value:TRUE);

  exit(0);
}

# Reached on a normal (non-description) run: the VT stops immediately.
# NOTE(review): 66 appears to be the feed's conventional exit code for
# deprecated VTs -- confirm.
exit(66); # This VT had called various functions that do not exist
