Ypbind -ypset/-ypsetme Vulnerability
BID:1441
Info
Ypbind -ypset/-ypsetme Vulnerability
| Bugtraq ID: | 1441 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-1999-0298 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Feb 05 1997 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | This vulnerability was first reported by Network Associates in an advisory on February 5, 1997. |
| Vulnerable: |
Sun SunOS 4.1.3 Slackware Linux 2.0 |
| Not Vulnerable: | |
Discussion
Ypbind -ypset/-ypsetme Vulnerability
Ypbind is an RPC service that allows NIS clients to locate NIS services on a network. Certain versions of ypbind contain a vulnerability when the service is run with the -ypset and -ypsetme switches than can allow a remote or local user to overwrite certain files on the filesystem. By executing the RPC procedure YPBINDPROC_SETDOMAIN with a path that includes the special path characters '..' it is possible to overwrite or create any file with a '.2' extension. This would allow for example an attacker to overwrite any section 2 man page.
Ypbind is an RPC service that allows NIS clients to locate NIS services on a network. Certain versions of ypbind contain a vulnerability when the service is run with the -ypset and -ypsetme switches than can allow a remote or local user to overwrite certain files on the filesystem. By executing the RPC procedure YPBINDPROC_SETDOMAIN with a path that includes the special path characters '..' it is possible to overwrite or create any file with a '.2' extension. This would allow for example an attacker to overwrite any section 2 man page.
Exploit / POC
Ypbind -ypset/-ypsetme Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Ypbind -ypset/-ypsetme Vulnerability
Solution:
From the Network Associates advisory:
We suggest that you not invoke ypbind with either the -ypset or -ypsetme options. It would be better practice to define which NIS clients may bind to which NIS servers in local configuration files.
Solution:
From the Network Associates advisory:
We suggest that you not invoke ypbind with either the -ypset or -ypsetme options. It would be better practice to define which NIS clients may bind to which NIS servers in local configuration files.
References
Ypbind -ypset/-ypsetme Vulnerability
References:
References:
- Gauntlet Advisory and Patches (COVERT Research Center)