Note: This is an archival copy of Security Sun Alert 200640 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000501.1.
Article ID : 1000501.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-04-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the ypserv(1M) and ypxfrd(1M) Daemons

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 2.5.1
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4737417

Date of Workaround Release
15-OCT-2002

Date of Resolved Release
14-APR-2003

Impact

Non-privileged local users can gain access to sensitive system information, e.g., the access-restricted /etc/shadow(5) file on an NIS server.

Sun acknowledges with thanks, Janusz Niewiadomski of iSEC, for bringing this issue to our attention.

This issue is described in the CERT Vulnerability VU#538033 (see http://www.kb.cert.org/vuls/id/538033).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 2.5.1
  • Solaris 2.6 without patch 108890-02
  • Solaris 7 without patch 106541-24
  • Solaris 8 without patch 109328-03
  • Solaris 9 without patch 113579-01

x86 Platform

  • Solaris 2.5.1
  • Solaris 2.6 without patch 108891-02
  • Solaris 7 without patch 106542-24
  • Solaris 8 without patch 109329-03

Note: Solaris 9 for the x86 platform is not impacted by this issue.


Symptoms

There are no predictable symptoms that would show the described issue has been exploited.


Workaround

Until patches are available and can be applied, there are two workarounds, either of which will prevent the exploitation of this vulnerability:

1) Block access to the affected services listed above from untrusted networks such as the Internet or disable the daemons where possible. Use a firewall or other packet-filtering technology to block the appropriate network ports. Consult your vendor or your firewall documentation for detailed instructions on how to configure the ports.

2) Disallow users from logging into the NIS servers.

3) Disable the "ypserv" and "ypxfrd" daemons where possible, i.e. do not run them on servers that are not supposed to function as NIS servers.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 2.6 with patch 108890-02 or later
  • Solaris 7 with patch 106541-24 or later
  • Solaris 8 with patch 109328-03 or later
  • Solaris 9 with patch 113579-01 or later

x86 Platform

  • Solaris 2.6 with patch 108891-02 or later
  • Solaris 7 with patch 106542-24 or later
  • Solaris 8 with patch 109329-03 or later

Note: Solaris 2.5.1 will require an upgrade to a later release.



Modification History
Date: 29-NOV-2002
  • Patches are available for Solaris 2.6, Solaris 8, and Solaris 9

Date: 14-MAR-2003
  • Updated Relief/Workaround with Temporary patches

Date: 14-APR-2003
  • State: Resolved
  • Updated Contributing Factors, Relief/Workaround and Resolution sections


References

108890-02
108891-02
108754-02
108755-02
109328-03
109329-03
113579-01
106541-24
106542-24




Attachments
This solution has no attachment