VID 12035
Severity 40
Port
Protocol UDP
Class RPC
Detailed Description The remote RPC service 100009 (yppasswdd) is vulnerable to a buffer overflow that allows any user to obtain a root shell remotely on this host. The rpc.yppasswdd server handles password change requests from yppasswd and modifies the NIS password file.
On SGI IRIX versions 6.5.15 and earlier, this flaw can allow a local or remote attacker to gain root privileges on the system.

* Warning: The buffer overflow test may crash the service. If it does, the service must be restarted to regain normal functionality.

* Platforms Affected:
IRIX 6.5.15 and earlier

* References:
http://online.securityfocus.com/bid/4939
http://www.iss.net/security_center/static/9261.php
Recommendation Upgrade to the latest version of SGI IRIX (6.5.16 or later) or apply the appropriate patch for your system, as listed in SGI Security Advisory 20020601-01-P, ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P
Related URL CVE-2002-0357 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)