Exploit HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - 'rpc.ypupdated' Command Execution (2)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20259
Проверка EDB
  1. Пройдено
Автор
ANONYMOUS
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-1999-0208
Дата публикации
1994-02-07
Код:
HP-UX 10.x/11.x,IRIX 3.x/4.x/5.x/6.x,OpenSolaris build snv,Solaris 8/9/10,SunOS 4.1.x RPC.YPUpdated Command Execution (2)
 
source: https://www.securityfocus.com/bid/1749/info
 
The 'rpc.ypupdated' deamon is part of the Network Information Service (NIS) or Yellow Pages (YP). It allows clients to update NIS maps. A vulnerability in 'rpc.ypupdated' allows a malicious user to execute commands as root.
 
After receiving a request to update the Yello Pages maps, 'ypupdated' executes a copy of the bource shell to run the 'make' command to recompute the maps whether the request for changes was sucessful or not. Because of bad input validation while executing 'make', an attacker can pass shell metacharacters to the shell and can execute commands.
 
This is issue is tracked by Sun BugIDs 1230027 and 1232146. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20259.tar.gz
 
Источник
www.exploit-db.com

Похожие темы