Synopsis
'ypupdated -i' is running on this port.
Description
ypupdated is part of NIS and allows a client to update NIS maps.
ypupdated has an old command execution vulnerability that was discovered and fixed in 1995. However, it is still possible to run ypupdated in insecure mode by adding the '-i' option.
Anybody can easily run commands as root on this machine by specifying an invalid map name that starts with a pipe (|) character. Exploits have been publicly available since the first advisory.
Solution
Remove the '-i' option.
If this option was not set, the rpc.ypupdated daemon is still vulnerable to the old flaw; contact your vendor for a patch.
Plugin Details
File Name: ypupdated_remote_exec.nasl
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 12/12/1994
Exploitable With
Metasploit (Solaris ypupdated Command Execution)