Note: This is an archival copy of Security Sun Alert 256748 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020356.1.
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability in the Solaris rpc.nisd(1M) daemon may cause a Denial of Service (DoS) condition to a NIS+ server:
A security vulnerability in the Solaris rpc.nisd(1M) daemon may allow remote privileged users on certain NIS+ clients to cause a Denial of Service (DoS) condition to a NIS+ server, preventing the server from responding to all NIS+ client requests.
2. Contributing Factors
This issue can occur in the following releases:
$ uname -vNote 2: This issue only affects systems that are configured as NIS+ Master or Replica servers and have the rpc.nisd(1M) process running on the system.
To determine if a system is a NIS+ Master or Replica server and if the rpc.nisd(1M) service is running, the following command may be run:
On Solaris 10 and OpenSolaris systems:
$ svcs svc:/network/rpc/nisplus:defaultIf the "state" field in the output is "disabled" the system is not configured as a NIS+ Master or Replica server.
On Solaris 8 and 9 systems:
$ pgrep rpc.nisd || echo "This system is not a NIS+ server."
If the described issue occurs, NIS+ commands to lookup NIS+ data may hang. For example, running the following command from the NIS+ server machine may hang:
$ niscat hosts.org_dirThe stack trace of NIS+ server process rpc.nisd(1M) may be similar to the following:
----------------- lwp# 1 / thread# 1 --------------------4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment