Multiple Vendor NIS rpc.ypupdated YP Map Update Arbitrary Remote Command Execution

This script is Copyright (C) 2008-2011 Tenable Network Security, Inc.

Synopsis :

'ypupdated -i' is running on this port.

Description :

ypupdated is part of NIS and allows a client to update NIS maps.

This old command execution vulnerability was discovered and fixed in
1995. However, it is still possible to run ypupdated in insecure
mode by adding the '-i' option.
Anybody can easily run commands as root on this machine by specifying
an invalid map name that starts with a pipe (|) character. Exploits
have been publicly available since the first advisory.

Solution :

Remove the '-i' option.
If this option was not set, the rpc.ypupdated daemon is still vulnerable
to the old flaw; contact your vendor for a patch.
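
One way to check a host for the condition described above, as an added example (not part of the Nessus plugin or any vendor tool): two helpers that parse `rpcinfo -p` and `ps -eo args` output for a registered ypupdated service and for a daemon started with '-i'. The function names and sample lines are constructed for illustration, and the script assumes single-letter options may be clustered (for example '-is').

```shell
#!/bin/sh
# Added example: local audit helpers; not part of the Nessus plugin.

# ONC RPC program number assigned to ypupdated (see /etc/rpc).
YPUPDATED_PROG=100028

# stdin: `rpcinfo -p` output. Prints proto/port for each ypupdated
# registration; exit status is 0 only if at least one exists.
ypupdated_ports() {
    awk -v prog="$YPUPDATED_PROG" '
        $1 == prog { print $3 "/" $4; found = 1 }
        END { exit found ? 0 : 1 }'
}

# stdin: process command lines (e.g. `ps -eo args`). Prints each ypupdated
# command line that carries -i, alone or clustered with other letters
# (assumption: options can be combined, as in -is). Exit 0 if any matched.
ypupdated_insecure() {
    awk '
        {
            n = split($1, path, "/")
            name = path[n]
            if (name != "rpc.ypupdated" && name != "ypupdated") next
            for (i = 2; i <= NF; i++)
                if ($i ~ /^-[A-Za-z]*i[A-Za-z]*$/) { print; hit = 1; break }
        }
        END { exit hit ? 0 : 1 }'
}

# Constructed sample input so the script runs offline.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100028    1   udp  32780  ypupdated
    100028    1   tcp  32771  ypupdated'

SAMPLE_PS='/usr/lib/netsvc/yp/rpc.ypupdated -i
/usr/sbin/rpcbind
/usr/lib/netsvc/yp/ypbind -broadcast'

# Live use: rpcinfo -p | ypupdated_ports ; ps -eo args | ypupdated_insecure
printf '%s\n' "$SAMPLE_RPCINFO" | ypupdated_ports
printf '%s\n' "$SAMPLE_PS" | ypupdated_insecure
```

A host where `ypupdated_ports` succeeds but `ypupdated_insecure` finds nothing still needs its patch level confirmed with the vendor, per the solution text above.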

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: RPC

Nessus Plugin ID: 31683

Bugtraq ID: 1749

CVE ID: CVE-1999-0208
