Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability

BID:13552

Info

Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability

Bugtraq ID: 13552
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: May 09 2005 12:00AM
Updated: May 09 2005 12:00AM
Credit: This vulnerability was disclosed by the vendor.
Vulnerable: Sun Solaris 9_x86 Update 2
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Not Vulnerable: Sun Solaris 10

Discussion

Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability

The rpc.nisd NIS+ daemon on Sun Solaris is vulnerable to an unspecified remote denial of service vulnerability.

This issue allows remote, unprivileged users to either crash the affected daemon process, or to cause the process to enter into an infinite loop, consuming CPU resources. These actions may block legitimate users from utilizing the NIS+ service.

Repeated attacks may result in disabling all NIS+ servers in a network, leading to a sustained denial of service for the directory service. This would likely cause all dependent services and authentication processes to fail.

Sun Solaris versions 7, 8, and 9 are affected by this issue.

This BID will be updated as further information is disclosed.

Exploit / POC

Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

References

Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report