Title: Vulnerability in nis_cachemgr
Released by: SUN
Date: 28th October 1997



                   Sun Microsystems, Inc. Security Bulletin

Bulletin Number:        #00155
Date:                   October 28, 1997
Title:                  nis_cachemgr

Permission is granted for the redistribution of this Bulletin, so long as
the Bulletin is not edited and is attributed to Sun Microsystems. Portions
may also be excerpted for re-use in other security advisories so long as
proper attribution is included.

Any other use of this information without the express written consent of
Sun Microsystems is prohibited. Sun Microsystems expressly disclaims all
liability for any misuse of this information by any third party.


1.  Bulletins Topics

    Sun announces the release of patches for Solaris 2.5.1, 2.5, and 2.4
    (SunOS 5.5.1, 5.5, and 5.4) which relate to a vulnerability in

    Sun estimates that the release of a patch for Solaris 2.3 (SunOS 5.3)
    that relates to the same vulnerability will be available within 4 weeks
    of the date of this bulletin.

    Sun strongly recommends that you install the patches listed in section 4
    immediately on systems running SunOS 5.5.1, 5.5, and 5.4 which use

2.  Who is Affected

    Vulnerable:  SunOS versions 5.5.1, 5.5.1_x86, 5.5, 5.5_x86,
                                5.4, 5.4_x86, 5.3

    Not vulnerable: All other supported versions of SunOS.

    The vulnerability does not exist in Solaris 2.6.

3.  Understanding the Vulnerability

    NIS+ clients run nis_cachemgr, a NIS+ utility that caches location
    information about NIS+ servers. This vulnerability, if exploited, allows
    attackers to add bogus directory objects to the global shared cache, in
    effect specifying rogue NIS+ servers that are under their control.

4.  List of Patches

    The vulnerability in nis_cachemgr is fixed by the following patches:

    OS version          Patch ID
    __________          ________
    SunOS 5.5.1         103612-33
    SunOS 5.5.1_x86     103613-32
    SunOS 5.5           103187-29
    SunOS 5.5_x86       103188-29
    SunOS 5.4           101973-32
    SunOS 5.4_x86       101974-32
    SunOS 5.3           101318-89       (to be released in 4 weeks)

5.  Checksum Table

    The checksum table below shows the BSD checksums (SunOS 5.x: /usr/ucb/sum),
    SVR4 checksums (SunOS 5.x: /usr/bin/sum), and the MD5 digital signatures
    for the above-mentioned patches that are available from:

    These checksums may not apply if you obtain patches from your answer

File Name         BSD          SVR4          MD5
_______________   __________   __________    ________________________________
103612-33.tar.Z   42409 3248   60555 6495    63408A137DBE6BEEDAECFA49674F0E5A
103613-32.tar.Z   08972 2939   41390 5878    E613588ADA2845DA2CEDE801FE247ED2
103187-29.tar.Z   47938 3240   14585 6479    D681C0BB1C4267418AEB20F56DDE7FD3
103188-29.tar.Z   36871 2919   14150 5838    F7184B433BF9EDCBA99E81D2039F355A
101973-32.tar.Z   55144 956    44485 1911    A802DA901090B52A27BDC6AE0D386C13
101974-32.tar.Z   41770 826    48991 1652    91AB26639B6CB0902ADE354999751826
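
An added example (not part of Sun's bulletin): a Python re-implementation of the three checks named above, which compares a downloaded patch file against its row in the table. The function names are this example's own, and the file is assumed to keep the name shown in the table.

```python
import hashlib
import os
import sys

# Rows copied from the bulletin's checksum table (section 5).
TABLE = """\
103612-33.tar.Z   42409 3248   60555 6495    63408A137DBE6BEEDAECFA49674F0E5A
103613-32.tar.Z   08972 2939   41390 5878    E613588ADA2845DA2CEDE801FE247ED2
103187-29.tar.Z   47938 3240   14585 6479    D681C0BB1C4267418AEB20F56DDE7FD3
103188-29.tar.Z   36871 2919   14150 5838    F7184B433BF9EDCBA99E81D2039F355A
101973-32.tar.Z   55144 956    44485 1911    A802DA901090B52A27BDC6AE0D386C13
101974-32.tar.Z   41770 826    48991 1652    91AB26639B6CB0902ADE354999751826
"""

def parse_table(text):
    """Map file name -> {'BSD': 'sum blocks', 'SVR4': 'sum blocks', 'MD5': hex}."""
    rows = {}
    for line in text.splitlines():
        name, b_sum, b_blk, s_sum, s_blk, md5 = line.split()
        rows[name] = {"BSD": f"{b_sum} {b_blk}", "SVR4": f"{s_sum} {s_blk}", "MD5": md5}
    return rows

def bsd_sum(data):
    """/usr/ucb/sum: 16-bit rotate-right-and-add, size in 1024-byte blocks."""
    c = 0
    for byte in data:
        c = (((c >> 1) | ((c & 1) << 15)) + byte) & 0xFFFF
    return "%05d %d" % (c, -(-len(data) // 1024))  # -(-n // k) is ceil(n / k)

def sysv_sum(data):
    """/usr/bin/sum: byte total folded to 16 bits, size in 512-byte blocks."""
    s = sum(data) & 0xFFFFFFFF
    r = (s & 0xFFFF) + (s >> 16)
    return "%d %d" % ((r & 0xFFFF) + (r >> 16), -(-len(data) // 512))

def verify(name, data, table):
    """Return the columns whose computed value differs from the published row."""
    got = {"BSD": bsd_sum(data), "SVR4": sysv_sum(data),
           "MD5": hashlib.md5(data).hexdigest().upper()}
    return [col for col, want in table[name].items() if got[col] != want]

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. python verify.py 103612-33.tar.Z
        with open(path, "rb") as fh:
            bad = verify(os.path.basename(path), fh.read(), parse_table(TABLE))
        print(path, "OK" if not bad else "MISMATCH in " + ", ".join(bad))
```

The BSD and SVR4 sums are simple 16-bit checksums that catch transfer damage only; of the three columns, MD5 is the only one designed as a cryptographic digest.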



A.  Patches listed in this bulletin are available to all Sun customers via
    World Wide Web at:

    Customers with Sun support contracts can also obtain patches from local
    Sun answer centers and SunSITEs worldwide.

B.  Sun security bulletins are available via World Wide Web at:

C.  Sun Security Coordination Team's PGP key is available via World Wide Web

D.  To report or inquire about a security problem with Sun software, contact
    one or more of the following:

        - Your local Sun answer centers
        - Your representative computer security response team, such as CERT
        - Sun Security Coordination Team. Send email to:


E.  To receive information or subscribe to our CWS (Customer Warning System)
    mailing list, send email to:

    with a subject line (not body) containing one of the following commands:

        Command         Information Returned/Action Taken
        _______         _________________________________
        help            An explanation of how to get information
        key             Sun Security Coordination Team's PGP key
        list            A list of current security topics
        query [topic]   The email is treated as an inquiry and is forwarded to
                        the Security Coordination Team
        report [topic]  The email is treated as a security report and is
                        forwarded to the Security Coordination Team. Please
                        encrypt sensitive mail using Sun Security Coordination
                        Team's PGP key
        send topic      A short status summary or bulletin. For example, to
                        retrieve a Security Bulletin #00138, supply the
                        following in the subject line (not body):

                                send #138

        subscribe       Sender is added to our mailing list.  To subscribe,
                        supply the following in the subject line (not body):

                                subscribe cws your-email-address

                        Note that your-email-address should be substituted
                        by your email address.

        unsubscribe     Sender is removed from the CWS mailing list.


