Solaris 9 Secure NIS Map Exposure

2004-04-19T02:28:00
ID OSVDB:5602
Type osvdb
Reporter Chris Thompson(cet1@cus.cam.ac.uk)
Modified 2004-04-19T02:28:00

Description

Vulnerability Description

Solaris contains a flaw that may lead to an unauthorized information disclosure. The bug causes secure NIS maps not to be treated as secure any longer. Any user on a NIS client may extract the contents of a secure map such as "passwd.adjunct.byname" by using the ypcat and ypmatch functions. This information can be used to gain additional privileges on the system.

Technical Description

This issue affects Solaris 9 installations with patch 113579-03 installed.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Remove patch 113579-03 with patchrm(1m) and then restart the NIS daemons.

Short Description

Solaris contains a flaw that may lead to an unauthorized information disclosure. The bug causes secure NIS maps not to be treated as secure any longer. Any user on a NIS client may extract the contents of a secure map such as "passwd.adjunct.byname" by using the ypcat and ypmatch functions. This information can be used to gain additional privileges on the system.

References:

Secunia Advisory ID:11451 Keyword: c2secure Keyword: ypserv Keyword: yppasswdd Keyword: passwd.adjunct.byname Keyword: ypxfrd Keyword: 113579-03 ISS X-Force ID: 15908 Generic Informational URL: http://www.securityfocus.com/archive/1/360692/2004-04-18/2004-04-24/0