NIS Domain Name Password Disclosure

1999-06-07T00:00:00
ID OSVDB:8111
Type osvdb
Reporter OSVDB
Modified 1999-06-07T00:00:00

Description

Vulnerability Description

NIS contains a flaw that may allow a malicious user to obtain password files. The issue is due to insufficient access control on NIS queries. By guessing a domain name and sending a request for it, a remote attacker can collect a password file from the NIS map returned by an NIS server, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.

References:

Vendor Specific Solution URL: http://sunsolve.sun.com/
ISS X-Force ID: 85
Generic Informational URL: http://www.saintcorporation.com/cgi-bin/demo_full_tut.pl?tutorial_name=NIS_password_file_access.html&fact_color=doc&tag=
CVE-1999-0521
CERT: CA-1992-13