IRIX rpc.yppasswdd Unspecified Remote Overflow

High Nessus Plugin ID 11021

Synopsis

Arbitrary code may be run on the remote host.

Description

The remote RPC service #100009 (yppasswdd) is vulnerable to a buffer overflow which allows any user to obtain a root shell on this host.

Note: This issue is different than the one described in CVE-2002-0357 / SGI advisory #20020601-01-P.

Solution

Disable this service if you don't use it.

Plugin Details

Severity: High

ID: 11021

File Name: sgi_rpc_passwd.nasl

Version: 1.27

Type: remote

Family: RPC

Published: 2002/06/08

Updated: 2018/08/13

Dependencies: 10684, 10223

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: rpc/portmap, Settings/ParanoidReport

Excluded KB Items: rpc/yppasswd/sun_overflow

Vulnerability Publication Date: 2002/06/01