Synopsis'ypupdated -i' is running on this port.
Descriptionypupdated is part of NIS and allows a client to update NIS maps.
This old command execution vulnerability was discovered and fixed in 1995. However, it is still possible to run ypupdated in insecure mode by adding the '-i' option.
Anybody can easily run commands as root on this machine by specifying an invalid map name that starts with a pipe (|) character. Exploits have been publicly available since the first advisory.
SolutionRemove the '-i' option.
If this option was not set, the rpc.ypupdated daemon is still vulnerable to the old flaw; contact your vendor for a patch.
File Name: ypupdated_remote_exec.nasl
Exploit Ease: Exploits are available
Vulnerability Publication Date: 12/12/1994
Metasploit (Solaris ypupdated Command Execution)