Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:6AB3AB46AE73E0F0BA5A1E8CA63C8D2C
HistoryMar 28, 2008 - 12:00 a.m.

rpc.ypupdated command injection vulnerability

2008-03-2800:00:00
SAINT Corporation
download.saintcorporation.com
10

EPSS

0.548

Percentile

97.7%

JSON

Added: 03/28/2008
CVE: CVE-1999-0208
BID: 1749
OSVDB: 11517

Background

Network Information Service (NIS) is a distributed database that allows you to maintain consistent configuration files throughout your network. **rpc.ypupdated** is an NIS service which is responsible for duplicating information from the master NIS server to slave servers.

Problem

A command injection vulnerability in **rpc.ypupdated** allows remote attackers to execute arbitrary commands by sending an Update command with a map name containing invalid characters, which are interpreted by the shell when invoking the **make** command.

Resolution

Apply a patch from the vendor, or disable the **rpc.ypupdated** service.

References

<http://secunia.com/advisories/29454/&gt;
<http://www.cert.org/advisories/CA-1995-17.html&gt;

Limitations

Exploit works on Solaris 10 and requires the **rpc.ypupdated** program to be running with the **-i** option.

Platforms

SunOS

Related

saint 3
exploitdb 2
checkpoint_advisories 2
cvelist 1
seebug 1
openvas 2
cve 1
nessus 1
saint
saint
rpc.ypupdated command injection vulnerability
2008-03-28 00:00:00
rpc.ypupdated command injection vulnerability
2008-03-28 00:00:00
rpc.ypupdated command injection vulnerability
2008-03-28 00:00:00
exploitdb
exploitdb
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - &#039;rpc.ypupdated&#039; Command Execution (2)
1994-02-07 00:00:00
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - &#039;rpc.ypupdated&#039; Command Execution (1)
1994-02-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Solaris rpc.ypupdated Command Injection (CVE-1999-0208)
2008-11-18 00:00:00
Preemptive Protection against Sun Solaris rpc.ypupdated Command Injection Vulnerability
2008-07-08 00:00:00
cvelist
cvelist
CVE-1999-0208
1999-09-29 04:00:00
seebug
seebug
多家厂商rpc.ypupdated远程可执行任意命令漏洞
2008-03-25 00:00:00
openvas
openvas
HP-UX Update for rpc.ypupdated HPSBUX01002
2009-05-05 00:00:00
rpc.ypupdated RCE Vulnerability
2008-10-24 00:00:00
cve
cve
CVE-1999-0208
1999-09-29 04:00:00
nessus
nessus
Multiple Vendor NIS rpc.ypupdated YP Map Update Arbitrary Remote Command Execution
2008-03-28 00:00:00

EPSS

0.548

Percentile

97.7%

JSON
Related for SAINT:6AB3AB46AE73E0F0BA5A1E8CA63C8D2C
saint3exploitdb2checkpoint_advisories2cvelist1seebug1openvas2cve1nessus1