IRIX rpc.yppasswdd Unspecified Remote Overflow

high Nessus Plugin ID 11021

Synopsis

Arbitrary code may be run on the remote host.

Description

The remote RPC service #100009 (yppasswdd) is vulnerable to a buffer overflow which allows any user to obtain a root shell on this host.

Note: This issue is different than the one described in CVE-2002-0357 / SGI advisory #20020601-01-P.

Solution

Disable this service if you don't use it.

Plugin Details

Severity: High

ID: 11021

File Name: sgi_rpc_passwd.nasl

Version: 1.27

Type: remote

Family: RPC

Published: 6/8/2002

Updated: 8/13/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport, rpc/portmap

Excluded KB Items: rpc/yppasswd/sun_overflow

Vulnerability Publication Date: 6/1/2002

Detections

Analytics