header-logo
Suggest Exploit
vendor:
Solaris
by:
milw0rm.com
7.8
CVSS
HIGH
Remote Root Exploit
119
CWE
Product Name: Solaris
Affected Version From: Sun Solaris <= 10
Affected Version To: Sun Solaris <= 10
Patch Exists: YES
Related CWE: N/A
CPE: o:sun:solaris:10
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Solaris
2008

Sun Solaris <= 10 rpc.ypupdated Remote Root Exploit

This exploit allows remote attackers to execute arbitrary code on vulnerable installations of Sun Solaris. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rpc.ypupdated service. This service is used to update the NIS maps on a system. The service does not properly validate the length of user-supplied data before copying it to a fixed-length stack buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of root.

Mitigation:

Upgrade to Sun Solaris 10 Update 8 or later.
Source

Exploit-DB raw data:

Sun Solaris <= 10 rpc.ypupdated Remote Root Exploit

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20259.tar.gz (2008-ypk2008.tar.gz)

# milw0rm.com [2008-03-20]

Navigation

Suggest Exploit

Services By CQR