vendor: HP-UX, IRIX, OpenSolaris, Solaris, SunOS
by: SecurityFocus
CVSS: 7.5 (HIGH)
Command Execution
CWE: 78
Product Name: HP-UX, IRIX, OpenSolaris, Solaris, SunOS
Affected Version From: HP-UX 10.x/11.x, IRIX 3.x/4.x/5.x/6.x, OpenSolaris build snv, Solaris 8/9/10, SunOS 4.1.x
Affected Version To: HP-UX 10.x/11.x, IRIX 3.x/4.x/5.x/6.x, OpenSolaris build snv, Solaris 8/9/10, SunOS 4.1.x
Patch Exists: YES
Related CWE: N/A
CPE: o:hp:hp-ux:10.x, cpe:/o:sgi:irix:3.x, cpe:/o:sgi:irix:4.x, cpe:/o:sgi:irix:5.x, cpe:/o:sgi:irix:6.x, cpe:/o:sun:opensolaris:build_snv, cpe:/o:sun:solaris:8, cpe:/o:sun:solaris:9, cpe:/o:sun:solaris:10, cpe:/o:sun:sunos:4.1.x
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: HP-UX, IRIX, OpenSolaris, Solaris, SunOS
2002
HP-UX 10.x/11.x, IRIX 3.x/4.x/5.x/6.x, OpenSolaris build snv, Solaris 8/9/10, SunOS 4.1.x RPC.YPUpdated Command Execution (2)
The 'rpc.ypupdated' daemon is part of the Network Information Service (NIS), also known as Yellow Pages (YP). It allows clients to update NIS maps. A vulnerability in 'rpc.ypupdated' allows a malicious user to execute commands as root. After receiving a request to update the Yellow Pages maps, 'ypupdated' executes a copy of the Bourne shell to run the 'make' command to recompute the maps, whether or not the requested change was successful. Because input is not properly validated before 'make' is executed, an attacker can pass shell metacharacters to the shell and execute commands.
Mitigation:
Validate input before it is passed to the shell that runs the 'make' command.
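One way to apply this mitigation, shown as an added example that is not the vendors' patch or code from 'rpc.ypupdated': the client-supplied map name is checked against an allowlist and 'make' is started with execv, so no shell ever parses the name. The function names, the 64-character limit and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Allowlist check for a client-supplied map name (hypothetical helper):
 * only characters with no special meaning to a shell or to path lookup. */
int is_safe_map_name(const char *name)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t len = name ? strlen(name) : 0;

    if (len == 0 || len > 64)                 /* 64 is an assumed upper bound */
        return 0;
    if (name[0] == '-' || name[0] == '.')     /* not a make option or dotfile */
        return 0;
    return strspn(name, ok) == len;
}

/* Rebuild one map by exec'ing make directly instead of through /bin/sh.
 * Returns make's exit status (127 if it could not be started), or -1 if
 * the name is rejected or fork/wait fails. */
int rebuild_map(const char *make_path, const char *dir, const char *name)
{
    pid_t pid;
    int status;

    if (!is_safe_map_name(name))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "make", (char *)name, NULL };
        if (chdir(dir) != 0) _exit(127);
        execv(make_path, argv);               /* argv array, no shell parsing */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    const char *samples[] = { "passwd.byname", "hosts.byaddr;x", "$(x)", "-f" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s %s\n", samples[i], is_safe_map_name(samples[i]) ? "accept" : "reject");
    return 0;
}
```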