NIS contains a flaw that may allow a malicious user to get password files. The issue is due to the insufficient access control for NIS Query. By guessing and requesting a domain name, a remote attacker can collect a password file from the NIS map replied by a NIS server, resulting in a loss of confidentiality, integrity, and/or availability.
Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.