Remote Buffer Overflow in the rpc.nisd program


A remotebuffer overflow exists in unpatched versions of the Solaris 2.3 through 2.6 rpc.nisd, which allows attackers to gain root access on the vulnerable host.


The rpc.nisd program is a rpc program that implements the NIS+ service. A malicious user could exceed the maximum length of one the nisd arguments and cause the program to execute arbitrary code.


If you are running Solaris 2.3 through 2.6, disable the rpc.nisd daemon in by renaming the /var/nis if you are do not need NIS+. If you are running NIS+, apply the proper patch:

 	105401-12:       Solaris 5.6
 	105402-12:       Solaris 5.6_x86
 	103612-41:       Solaris 5.5.1
 	103613-41:       Solaris 5.5.1_x86
 	103187-38:       Solaris 5.5
 	103188-38:       Solaris 5.5_x86
 	101973-35:       Solaris 5.4
 	101974-35:       Solaris 5.4_x86


CVE Reference(s):