Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability
BID:13552
Info
Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability
| Bugtraq ID: | 13552 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2005 12:00AM |
| Updated: | May 09 2005 12:00AM |
| Credit: | This vulnerability was disclosed by the vendor. |
| Vulnerable: |
Sun Solaris 9_x86 Update 2 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 7.0_x86 Sun Solaris 7.0 |
| Not Vulnerable: |
Sun Solaris 10 |
Discussion
Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability
The rpc.nisd NIS+ daemon on Sun Solaris is vulnerable to an unspecified remote denial of service vulnerability.
This issue allows remote, unprivileged users to either crash the affected daemon process, or to cause the process to enter into an infinite loop, consuming CPU resources. These actions may block legitimate users from utilizing the NIS+ service.
Repeated attacks may result in disabling all NIS+ servers in a network, leading to a sustained denial of service for the directory service. This would likely cause all dependent services and authentication processes to fail.
Sun Solaris versions 7, 8, and 9 are affected by this issue.
This BID will be updated as further information is disclosed.
The rpc.nisd NIS+ daemon on Sun Solaris is vulnerable to an unspecified remote denial of service vulnerability.
This issue allows remote, unprivileged users to either crash the affected daemon process, or to cause the process to enter into an infinite loop, consuming CPU resources. These actions may block legitimate users from utilizing the NIS+ service.
Repeated attacks may result in disabling all NIS+ servers in a network, leading to a sustained denial of service for the directory service. This would likely cause all dependent services and authentication processes to fail.
Sun Solaris versions 7, 8, and 9 are affected by this issue.
This BID will be updated as further information is disclosed.
Exploit / POC
Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability
Solution:
Sun has released Sun Alert ID 57780, along with patches to address this issue:
Sun Solaris 7.0_x86
Sun Solaris 9_x86
Sun Solaris 7.0
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 9
Sun Solaris 9_x86 Update 2
Solution:
Sun has released Sun Alert ID 57780, along with patches to address this issue:
Sun Solaris 7.0_x86
-
Sun 106939-09
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -106939-09-1 -
Sun 106943-29
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -106943-29-1
Sun Solaris 9_x86
Sun Solaris 7.0
-
Sun 106938-09
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -106938-09-1 -
Sun 106942-29
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -106942-29-1
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 9
Sun Solaris 9_x86 Update 2
References
Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulnerability
References:
References: