[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Revised Hewlett-Packard NIS ypbind Vulnerability

Title: Revised Hewlett-Packard NIS ypbind Vulnerability
Released by: CERT
Date: 13th January 1993
Printable version: Click here

Hash: SHA1



Lat Revised: September 19,1997

                Attached copyright statement

                                CERT Advisory

                               January 13, 1993

                Revised Hewlett-Packard NIS ypbind Vulnerability

- -----------------------------------------------------------------------------

                   *** THIS IS A REVISED CERT ADVISORY ***


                  *** SUPERSEDES CERT ADVISORY CA-92:17 ***

The CERT Coordination Center has received information concerning a

vulnerability in the NIS ypbind module for the Hewlett-Packard (HP)

HP/UX Operating System for series 300, 700, and 800 computers. 

HP has provided revised patches for all of the HP/UX level 8 releases

(8.0, 8.02, 8.06, and 8.07).  This problem is fixed in HP/UX 9.0.

The following patches have been superseded:

              Patch ID        Replaced by Patch ID

              PHNE_1359       PHNE_1706

              PHNE_1360       PHNE_1707

              PHNE_1361       PHNE_1708

All HP NIS clients and servers running ypbind should obtain and 

install the patch appropriate for their machine's architecture

as described below.

- -----------------------------------------------------------------------------

I.   Description

     A vulnerability in HP NIS allows unauthorized access to NIS data.

II.  Impact

     Root on a remote host running any vendor's implementation of NIS

     can gain root access on any local host running HP's NIS ypbind. 

     Local users of a host running HP's NIS ypbind can also gain root access.

III. Solution


     1) All HP NIS clients and servers running ypbind should obtain and 

        install the patch appropriate for their machine's architecture.

        These patches contain a version of ypbind that only accepts ypset

        requests from a superuser port on the local host.  This prevents

        a non-superuser program from sending rogue ypset requests to ypbind.

        They also include the mod from the superseded patches which prevented

        a superuser on a remote system from issuing a ypset -h command

        to the local system and binding the system to a rogue ypserver.

        These patches may be obtained from HP via FTP (this is NOT

        anonymous FTP) or the HP SupportLine.  To obtain HP security

        patches, you must first register with the HP SupportLine.

        The registration instructions are available via

        anonymous FTP at cert.org ( in the file


        The new patch files are:

     Architecture Patch ID   Filename                               Checksum

     ------------ --------   --------                               --------

     Series 300   PHNE_1706  /hp-ux_patches/s300_400/8.X/PHNE_1706  38955 212

     Series 700   PHNE_1707  /hp-ux_patches/s700/8.X/PHNE_1707        815 311

     Series 800   PHNE_1708  /hp-ux_patches/s800/8.X/PHNE_1708      56971 299

     2) The instructions for installing the patch are provided in the

        PHNE_xxxx.text file (this file is created after the patch has

        been unpacked).

        The checksums listed above are for the patch archive files from HP.

        Once unpacked, each shell archive contains additional checksum 

        information in the file "patchfilename.text".  This checksum is

        applicable to the binary patch file "patchfilename.updt".

If you have any questions about obtaining or installing the patches,

contact the USA HP SupportLine at 415-691-3888, or your local HP

SupportLine number.  Please note that the telephone numbers in this

advisory are appropriate for the USA and Canada. 

- -----------------------------------------------------------------------------

The CERT Coordination Center wishes to thank Brian Kelley of Ford Motor

Company for bringing this vulnerability to our attention.  We would also

like to thank Hewlett-Packard for their response to this problem. 

- -----------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT

Coordination Center or your representative in FIRST (Forum of Incident

Response and Security Teams).

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 (24-hour hotline)

           CERT personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),

           on call for emergencies during other hours.

CERT Coordination Center

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other

information related to computer security are available for anonymous FTP

from cert.org (

- ------------------------------------------------------------------------------

Copyright 1993 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History:

September 19,1997  Attached Copyright Statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.