Note: This is an archival copy of Security Sun Alert 200640 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000501.1.
Article ID : 1000501.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-04-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the ypserv(1M) and ypxfrd(1M) Daemons


Release Phase

Solaris 9 Operating System
Solaris 2.5.1
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id

Date of Workaround Release

Date of Resolved Release


Impact

Non-privileged local users can gain access to sensitive system information, e.g., the access-restricted /etc/shadow(5) file on an NIS server.

Sun acknowledges, with thanks, Janusz Niewiadomski of iSEC for bringing this issue to our attention.

This issue is described in the CERT Vulnerability VU#538033 (see

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 2.5.1
  • Solaris 2.6 without patch 108890-02
  • Solaris 7 without patch 106541-24
  • Solaris 8 without patch 109328-03
  • Solaris 9 without patch 113579-01

x86 Platform

  • Solaris 2.5.1
  • Solaris 2.6 without patch 108891-02
  • Solaris 7 without patch 106542-24
  • Solaris 8 without patch 109329-03

Note: Solaris 9 for the x86 platform is not impacted by this issue.


Symptoms

There are no predictable symptoms that would show the described issue has been exploited.


Relief/Workaround

Until patches are available and can be applied, the following workarounds, any one of which will prevent exploitation of this vulnerability, can be used:

1) Block access to the affected services listed above from untrusted networks such as the Internet or disable the daemons where possible. Use a firewall or other packet-filtering technology to block the appropriate network ports. Consult your vendor or your firewall documentation for detailed instructions on how to configure the ports.

2) Disallow users from logging into the NIS servers.

3) Disable the "ypserv" and "ypxfrd" daemons where possible, i.e. do not run them on servers that are not supposed to function as NIS servers.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 2.6 with patch 108890-02 or later
  • Solaris 7 with patch 106541-24 or later
  • Solaris 8 with patch 109328-03 or later
  • Solaris 9 with patch 113579-01 or later

x86 Platform

  • Solaris 2.6 with patch 108891-02 or later
  • Solaris 7 with patch 106542-24 or later
  • Solaris 8 with patch 109329-03 or later

Note: Solaris 2.5.1 will require an upgrade to a later release.
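A host-side check for the patch levels and daemons named above, written as an added example that is not part of the Sun Alert. It assumes the "Patch: NNNNNN-RR ..." line format of `showrev -p` output and the command name as the last column of `ps -e`; the patch table itself is the advisory's own list.

```shell
# Added example, not from the Sun Alert: checks `showrev -p` output for the fixing
# patch (or a later revision) and `ps -e` output for the affected daemons. Assumes
# the "Patch: NNNNNN-RR ..." showrev line format and the command name as the last
# ps column; on Solaris use nawk, as /usr/bin/awk lacks -v. Table is from the advisory.

# required_patch RELEASE ARCH -> prints the minimum patch id or "not-affected";
# fails for a release with no patch (Solaris 2.5.1 needs an upgrade instead)
required_patch() {
    case "$1/$2" in
        2.6/sparc) echo 108890-02 ;;  7/sparc) echo 106541-24 ;;
        8/sparc)   echo 109328-03 ;;  9/sparc) echo 113579-01 ;;
        2.6/i386)  echo 108891-02 ;;  7/i386)  echo 106542-24 ;;
        8/i386)    echo 109329-03 ;;  9/i386)  echo not-affected ;;
        *) return 1 ;;
    esac
}

# highest_rev PATCHBASE < showrev-output -> prints the highest installed revision
# of that patch base, nothing if it is not installed at all
highest_rev() {
    awk -v base="$1" '
        $1 == "Patch:" && split($2, p, "-") == 2 && p[1] == base {
            r = p[2] + 0; if (!found || r > max) { max = r; found = 1 }
        }
        END { if (found) print max }'
}

# is_patched RELEASE ARCH SHOWREV_OUTPUT -> 0 if fixed, 1 if the patch is missing
# or too old, 2 if the release needs an upgrade rather than a patch
is_patched() {
    spec=$(required_patch "$1" "$2") || return 2
    [ "$spec" = not-affected ] && return 0
    base=${spec%-*}; minrev=${spec#*-}; minrev=${minrev#0}
    rev=$(printf '%s\n' "$3" | highest_rev "$base")
    [ -n "$rev" ] && [ "$rev" -ge "$minrev" ]
}

# nis_daemons_in PS_OUTPUT -> prints each of ypserv/ypxfrd present in `ps -e`
nis_daemons_in() {
    printf '%s\n' "$1" | awk '$NF == "ypserv" || $NF == "ypxfrd" { print $NF }' | sort -u
}
# Constructed sample data for the demonstration, not output from a real host
SAMPLE_SHOWREV='Patch: 108528-29 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 109328-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWypu
Patch: 109328-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWypu'
SAMPLE_PS='   PID TTY      TIME CMD
   197 ?        0:01 ypserv
   203 ?        0:00 ypxfrd'
if is_patched 8 sparc "$SAMPLE_SHOWREV"; then echo "Solaris 8 SPARC: fix installed"; fi
echo "NIS daemons running: $(nis_daemons_in "$SAMPLE_PS" | tr '\n' ' ')"
```

On a real host, feed it `"$(showrev -p)"` and `"$(ps -e)"` instead of the constructed samples; any host that reports a daemon running but no fix installed is a candidate for the workarounds above.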

Modification History
Date: 29-NOV-2002
  • Patches are available for Solaris 2.6, Solaris 8, and Solaris 9

Date: 14-MAR-2003
  • Updated Relief/Workaround with Temporary patches

Date: 14-APR-2003
  • State: Resolved
  • Updated Contributing Factors, Relief/Workaround and Resolution sections


