Multiple Vendor NIS rpc.ypupdated YP Map Update Arbitrary Remote Command Execution
High Nessus Plugin ID 31683
Synopsis
'ypupdated -i' is running on this port.
Description
ypupdated is part of NIS and allows a client to update NIS maps.
This old command execution vulnerability was discovered and fixed in 1995. However, it is still possible to run ypupdated in insecure mode by adding the '-i' option.
Anybody can easily run commands as root on this machine by specifying an invalid map name that starts with a pipe (|) character. Exploits have been publicly available since the first advisory.
Solution
Remove the '-i' option.
If this option was not set, the rpc.ypupdated daemon is still vulnerable to the old flaw; contact your vendor for a patch.
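To find where the '-i' option is set before removing it, the following added example (not part of the plugin or of any vendor tooling) filters process listings or startup configuration text for rpc.ypupdated invocations that carry '-i'. The function name, the sample lines and their paths are constructed, and treating a clustered flag such as '-si' as containing '-i' is an assumption.

```shell
#!/bin/sh
# Added example: report lines that start rpc.ypupdated with the -i option.
# Input on stdin: ps output, inetd.conf text or rc script text, one entry per line.

find_insecure_ypupdated() {
    awk '
        /^[ \t]*#/ { next }                    # ignore commented-out config lines
        {
            seen = 0
            for (f = 1; f <= NF; f++) {
                if (!seen) {
                    # Match the daemon by basename, with or without a path.
                    n = split($f, parts, "/")
                    if (parts[n] == "rpc.ypupdated" || parts[n] == "ypupdated")
                        seen = 1
                    continue
                }
                # After the daemon name: single-dash option cluster containing "i"
                # (assumption: flags may be clustered, e.g. -si).
                if ($f ~ /^-[A-Za-z]*i[A-Za-z]*$/) { print; next }
            }
        }
    '
}

# Constructed sample input: an inetd-style entry, the same entry commented out,
# a daemon started without -i, a clustered flag, and an unrelated daemon.
sample_lines() {
    cat <<'EOF'
ypupdated/1 stream rpc/tcp wait root /example/path/rpc.ypupdated rpc.ypupdated -i
#ypupdated/1 stream rpc/tcp wait root /example/path/rpc.ypupdated rpc.ypupdated -i
root 412 1 /example/path/rpc.ypupdated
root 413 1 rpc.ypupdated -si
root 500 1 /example/path/otherd -i
EOF
}

# Prints the first and fourth sample lines.
sample_lines | find_insecure_ypupdated
```

On a live host, feed it the process list and the files that start the daemon. A clean result only rules out the '-i' case; an unpatched daemon still needs the vendor fix.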