Insecure Access to Secure NIS Maps in Solaris 9

Insecure Access to Secure NIS Maps in Solaris 9

CVE-2004-1942 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.

Learn more about our Cis Benchmark Audit For Oracle Solaris.