Exploit code is available for rpc.ypupdated on Solaris 10. If rpc.ypupdated uses the “-i” option during startup it will be vulnerable to the exploit. This can allow an attacker to execute arbitrary code on the affected system. The vulnerability is caused by issues with the handling of map names sent during an update. You should insure that the “-i” option is not being used and that all access to RPC services is limited to known and trusted users. There is currently no patch available and older versions of Solaris may be vulnerable
Exploit available for Solaris 10 rpc.ypupdated
Reply