The rpc.yppasswdd server is used to handle password change requests from yppasswd and modify the NIS password file.
A buffer overrun vulnerability has been discovered in the rpc.yppasswdd utility distributed by multiple vendors. The problem occurs due to insufficient bounds checking before copying remotely-supplied user information into a static memory buffer. As a result, a malicious user may be capable of exploiting this issue to overwrite sensitive locations in memory and thus execute arbitrary code with superuser privileges.
This host is running the 'yppasswd' RPC service. This service handles password change requests and updates the NIS password file. This service contains a buffer overflow that allows an attacker to execute arbitrary code on this host. An attacker can use this to gain access to this host.
This RPC service is usually installed on Sun Solaris. Please upgrade to the latest version of 'yppasswd' available from http://www.sun.com/.

Sun Solaris 2.6_x86: Sun Patch 106304-03
Sun Solaris 2.6: Sun Patch 106303-03
Sun Solaris 7.0_x86: Sun Patch 111591-02
Sun Solaris 7.0: Sun Patch 111590-02
Sun Solaris 8.0_x86: Sun Patch 111597-02
Sun Solaris 8.0: Sun Patch 111596-02
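To check a host against the patch levels listed above, the following added example (not part of the original advisory or any vendor tooling) compares `showrev -p` output with the required revision and looks for yppasswdd (RPC program 100009) in `rpcinfo -p` output. The function names and the sample data are constructed for illustration; the release mapping assumes `uname -r` reports 5.6, 5.7 and 5.8 for Solaris 2.6, 7 and 8.

```shell
#!/bin/sh
# Added example: compare installed Solaris patches with the advisory's list.

# Map `uname -r` / `uname -p` values to the minimum patch from the advisory.
required_patch() {
    case "$1/$2" in
        5.6/i386)  echo 106304-03 ;;
        5.6/sparc) echo 106303-03 ;;
        5.7/i386)  echo 111591-02 ;;
        5.7/sparc) echo 111590-02 ;;
        5.8/i386)  echo 111597-02 ;;
        5.8/sparc) echo 111596-02 ;;
        *) return 1 ;;   # release not covered by the advisory
    esac
}

# Read `showrev -p` text on stdin; $1 is the required patch (base-revision).
# Prints: patched (revision >= required), outdated (older revision), missing.
patch_status() {
    awk -v want="$1" '
        BEGIN { split(want, w, "-"); best = -1 }
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == w[1] && p[2] + 0 > best) best = p[2] + 0
        }
        END {
            if (best >= w[2] + 0) print "patched"
            else if (best >= 0)   print "outdated"
            else                  print "missing"
        }'
}

# Read `rpcinfo -p` text on stdin; succeed if program 100009 (yppasswdd) is listed.
yppasswdd_registered() {
    awk '$1 == 100009 { found = 1 } END { exit !found }'
}

# Constructed sample in the `showrev -p` line format (not from a real host).
SAMPLE_SHOWREV='Patch: 111596-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKGexample
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKGexample'

# Run with --live on the Solaris host itself to use the real commands.
if [ "${1:-}" = "--live" ]; then
    want=$(required_patch "$(uname -r)" "$(uname -p)") || { echo "release not in advisory"; exit 2; }
    rpcinfo -p | yppasswdd_registered && echo "yppasswdd is registered with the portmapper"
    echo "$want: $(showrev -p | patch_status "$want")"
fi
```

A patch that has been superseded by one with a different base ID is reported as missing, so confirm such a result against the vendor's patch notes.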