Check Point Advisories

Preemptive Protection against Sun Solaris rpc.ypupdated Command Injection Vulnerability

Check Point Reference: CPAI-2008-102
Date Published: 8 Jul 2008
Severity: High
Last Updated: Tuesday 22 July, 2008
Source: CERT: CA-1995-17
Industry Reference:CVE-1999-0208
Protection Provided by:
Who is Vulnerable? Sun Microsystems Solaris 10 and prior
Vulnerability Description A command injection vulnerability exists in Sun Solaris Network Information Service (NIS). Sun Solaris provides its NIS services through the SUN-RPC remote procedure call (RPC) mechanism. A remote attacker may exploit this issue to inject and execute arbitrary code on a vulnerable system via a specially crafted RPC request.
Vulnerability DetailsThe vulnerability is due to the Sun Solaris rpc.ypupdated service that fails to properly validate user input when processing RPC requests. A remote attacker can exploit this vulnerability by sending a crafted RPC message to a target host. Successful exploitation may allow the attacker to execute arbitrary code on the target system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK