Note: This is an archival copy of Security Sun Alert 201359 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001032.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
A local or remote unprivileged user may be able to prevent the ypserv(1M) NIS server process from answering NIS name service requests. A Denial of Service (DoS) may occur as clients currently bound to the NIS server may experience hangs or slow performance. Users may no longer be able to log in on affected NIS clients.
This issue can occur in the following releases:
Should the described issue occur, the NIS server will no longer respond to client NIS requests. The ypserv(1M) process may no longer be running on the NIS server.
In the following example, ypcat(1) is seen to hang and is thus aborted with Control-C. The ypwhich(1) command displays the NIS server which is found to be otherwise alive:
$ ypcat hosts | head ^C $ ypwhich yp-server $ ping yp-server yp-server is alive
On the NIS server, the ypserv(1M) process can be verified with the following command:
# pgrep ypserv || echo "ypserv not running"
To work around the described issue if the NIS server is unresponsive or not running, it can be stopped and restarted by running the following commands (as "root"):
# /usr/lib/netsvc/yp/ypstop # /usr/lib/netsvc/yp/ypstart
This issue is addressed in the following releases:
This solution has no attachment