Remote Buffer Overflow in the rpc.nisd program

Impact

A remote buffer overflow exists in unpatched versions of rpc.nisd on Solaris 2.3 through 2.6, which allows attackers to gain root access on the vulnerable host.

Background

The rpc.nisd program is an RPC program that implements the NIS+ service. A malicious user could exceed the maximum length of one of the nisd arguments and cause the program to execute arbitrary code.

Resolution

If you are running Solaris 2.3 through 2.6 and do not need NIS+, disable the rpc.nisd daemon by renaming /var/nis. If you are running NIS+, apply the proper patch:

 	105401-12:       Solaris 5.6
 	105402-12:       Solaris 5.6_x86
 	103612-41:       Solaris 5.5.1
 	103613-41:       Solaris 5.5.1_x86
 	103187-38:       Solaris 5.5
 	103188-38:       Solaris 5.5_x86
 	101973-35:       Solaris 5.4
 	101974-35:       Solaris 5.4_x86
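
One way to check a host against the patch table above, as an added example that is not part of the original advisory. It assumes a POSIX shell such as ksh and `showrev -p` output of the form `Patch: <id>-<rev> ...`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare installed patch revisions with the advisory's table.

# Map release and architecture (uname -r, uname -p) to the listed patch.
required_patch() {
    case "$1/$2" in
        5.6/sparc)   echo 105401-12 ;;
        5.6/i386)    echo 105402-12 ;;
        5.5.1/sparc) echo 103612-41 ;;
        5.5.1/i386)  echo 103613-41 ;;
        5.5/sparc)   echo 103187-38 ;;
        5.5/i386)    echo 103188-38 ;;
        5.4/sparc)   echo 101973-35 ;;
        5.4/i386)    echo 101974-35 ;;
        *)           return 1 ;;   # release has no entry in the table
    esac
}

# Read `showrev -p` style lines on stdin. Succeed only if the patch base in $1
# is installed at the required revision or a later one.
patch_satisfied() {
    base=${1%-*}; need=${1#*-}; ok=1
    while read -r tag id _rest; do
        [ "$tag" = "Patch:" ] || continue
        [ "${id%-*}" = "$base" ] || continue
        if [ "${id#*-}" -ge "$need" ]; then ok=0; fi
    done
    return $ok
}

# Constructed sample input (not captured from a real host).
sample_showrev() {
    cat <<'EOF'
Patch: 105401-09 Obsoletes:  Packages: SUNWcsu
Patch: 103612-47 Obsoletes:  Packages: SUNWcsu
EOF
}

# Check the local host: 0 = patched, 1 = patch missing, 2 = release not listed.
check_host() {
    want=$(required_patch "$(uname -r)" "$(uname -p)") || {
        echo "no patch listed for this release"; return 2; }
    if showrev -p | patch_satisfied "$want"; then
        echo "OK: $want or later is installed"
    else
        echo "MISSING: $want"; return 1
    fi
}

if [ "$(uname -s)" = "SunOS" ]; then check_host; fi
```

An older revision of the right patch (105401-09 in the sample) counts as missing, which a plain `grep` for the patch base would not catch.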
 
