Multiple Vendor RPC.YPUpdated Command Execution Vulnerability

BID:1749

Info

Multiple Vendor RPC.YPUpdated Command Execution Vulnerability

Bugtraq ID: 1749
Class: Input Validation Error
CVE: CVE-1999-0208
Remote: Yes
Local: No
Published: Dec 19 1995 12:00AM
Updated: Dec 04 2008 04:41PM
Credit: This vulnerability was discovered by Josh D. <[email protected]> from Avalon Security Research.
Vulnerable: Sun SunOS 4.1.4 -JL
Sun SunOS 4.1.4
Sun SunOS 4.1.3 c
Sun SunOS 4.1.3 _U1
Sun SunOS 4.1.3
Sun SunOS 4.1.2
Sun SunOS 4.1.1
Sun SunOS 4.1 PSR_A
Sun SunOS 4.1
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun Solaris 10
Sun OpenSolaris build snv_89
Sun OpenSolaris build snv_88
Sun OpenSolaris build snv_87
Sun OpenSolaris build snv_85
Sun OpenSolaris build snv_80
Sun OpenSolaris build snv_68
Sun OpenSolaris build snv_67
Sun OpenSolaris build snv_64
Sun OpenSolaris build snv_59
Sun OpenSolaris build snv_57
Sun OpenSolaris build snv_50
Sun OpenSolaris build snv_39
Sun OpenSolaris build snv_36
Sun OpenSolaris build snv_22
Sun OpenSolaris build snv_19
Sun OpenSolaris build snv_13
Sun OpenSolaris build snv_02
Sun OpenSolaris build snv_01
SGI IRIX 6.0.1 XFS
SGI IRIX 6.0.1
SGI IRIX 6.0
SGI IRIX 5.3 XFS
SGI IRIX 5.3
SGI IRIX 5.2
SGI IRIX 5.1.1
SGI IRIX 5.1
SGI IRIX 5.0.1
SGI IRIX 5.0
SGI IRIX 4.0.5 IPR
SGI IRIX 4.0.5 H
SGI IRIX 4.0.5 G
SGI IRIX 4.0.5 F
SGI IRIX 4.0.5 E
SGI IRIX 4.0.5 D
SGI IRIX 4.0.5 A
SGI IRIX 4.0.5 (IOP)
SGI IRIX 4.0.5
SGI IRIX 4.0.4 T
SGI IRIX 4.0.4 B
SGI IRIX 4.0.4
SGI IRIX 4.0.3
SGI IRIX 4.0.2
SGI IRIX 4.0.1 T
SGI IRIX 4.0.1
SGI IRIX 4.0
SGI IRIX 3.3.3
SGI IRIX 3.3.2
SGI IRIX 3.3.1
SGI IRIX 3.3
SGI IRIX 3.2
NEC UX/4800 (64)
NEC UP-UX/V (Rel4.2MP)
NEC Ews-Ux V (Rel4.2MP)
NEC Ews-Ux V (Rel4.2)
IBM AIX 4.1
IBM AIX 3.2
HP HP-UX 10.20
HP HP-UX 10.10
HP HP-UX 10.1 0
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.11
HP HP-UX B.11.00
Not Vulnerable: NEC Ews-Ux V (Rel4.0)

Discussion

Multiple Vendor RPC.YPUpdated Command Execution Vulnerability

The 'rpc.ypupdated' deamon is part of the Network Information Service (NIS) or Yellow Pages (YP). It allows clients to update NIS maps. A vulnerability in 'rpc.ypupdated' allows a malicious user to execute commands as root.

After receiving a request to update the Yello Pages maps, 'ypupdated' executes a copy of the bource shell to run the 'make' command to recompute the maps whether the request for changes was sucessful or not. Because of bad input validation while executing 'make', an attacker can pass shell metacharacters to the shell and can execute commands.

This is issue is tracked by Sun BugIDs 1230027 and 1232146.

Exploit / POC

Multiple Vendor RPC.YPUpdated Command Execution Vulnerability

The following exploits are available:

Solution / Fix

Multiple Vendor RPC.YPUpdated Command Execution Vulnerability

Solution:
HP has released an advisory dealing with this issue. Please see the references for more information.


Sun Solaris 8_sparc

Sun Solaris 10

Sun Solaris 9

Sun Solaris 9_x86

Sun Solaris 8_x86

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report