Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

rpc.ypupdated remote execution

Information

Severity

Severity

Critical

Family

Family

RPC

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Mitigation

Created

Created

15 years ago

Modified

Modified

5 years ago

Share

Summary

ypupdated with the '-i' option enabled is running on this port.

Insight

Insight

ypupdated is part of NIS and allows a client to update NIS maps. This old command execution vulnerability was discovered in 1995 and fixed then. However, it is still possible to run ypupdated in insecure mode by adding the '-i' option. Anybody can easily run commands as root on this machine by specifying an invalid map name that starts with a pipe character. Exploits have been publicly available since the first advisory.

Solution

Solution

Remove the '-i' option. If this option was not set, the rpc.ypupdated daemon is still vulnerable to the old flaw. Contact your vendor for a patch.

Common Vulnerabilities and Exposures (CVE)