NIS server and domain names

Risk Level: Medium

Check or Attack Name: nisdom

Platforms: Unix

Description:

The password file is obtainable from Network Information Services (NIS). If the domain name can be guessed, then the NIS server can be used to acquire password files.

Remedy:

Choose a hard-to-guess NIS domain name and use strong password techniques:

  • The NIS domain name should be something hard to guess. If it can be guessed using brute force methods, then change the NIS domain name.
  • In the event that an attacker successfully obtains the password file, the passwords should be hard to guess. The crack utility and password shadowing help correct this weakness, but NIS/YP (Yellow Pages) transfers include encrypted passwords even if they are shadowed and unreadable on the server. The intruder can decode them at leisure using brute force methods.

—AND—

Sun users should obtain Patch ID 100482 "SunOS 4.1.3: ypserv, ypxfrd, & portmap security patch (221709 bytes)." All Sun patches are at http://sunsolve.sun.com/sunsolve/pubpatches/patches.html.
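
One way to apply the first remedy item above, as an added example that is not part of the original advisory: a local check that flags a NIS domain name which could be derived from the host's public naming or is generic or short. The function name, the affix and generic-name lists, and the 8-character threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: local audit of a NIS domain name for guessability.
# Usage: nis_domain_guessable NIS_DOMAIN HOST_FQDN
# Prints a reason and returns 0 if the name is guessable, 1 otherwise.
nis_domain_guessable() {
    nis=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    fqdn=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    host=${fqdn%%.*}                    # short host name
    dns=${fqdn#*.}                      # DNS domain after the first label
    [ "$dns" = "$fqdn" ] && dns=""      # no dot: no DNS domain known
    org=${dns%%.*}                      # first label of the DNS domain

    case $nis in
        ""|"(none)") echo "no NIS domain set"; return 1 ;;
    esac

    # Names derivable from public host/DNS naming, bare or with a nis/yp affix.
    for cand in "$fqdn" "$host" "$dns" "$org"; do
        [ -n "$cand" ] || continue
        if [ "$nis" = "$cand" ]; then
            echo "matches public name: $cand"; return 0
        fi
        for affix in nis yp; do
            for sep in "" - _ .; do
                if [ "$nis" = "$cand$sep$affix" ] || [ "$nis" = "$affix$sep$cand" ]; then
                    echo "public name plus affix: $cand/$affix"; return 0
                fi
            done
        done
    done

    # Assumed (constructed) list of generic names; extend to suit the site.
    for cand in nis yp nisdomain ypdomain domain default test; do
        if [ "$nis" = "$cand" ]; then
            echo "generic name: $cand"; return 0
        fi
    done

    # Assumed threshold: short names fall quickly to exhaustive guessing.
    if [ "${#nis}" -lt 8 ]; then
        echo "shorter than 8 characters"; return 0
    fi
    echo "no guessable pattern found"; return 1
}

# Constructed sample values; on a real host pass the output of domainname
# and the host's fully qualified name instead.
nis_domain_guessable "example-nis" "ns1.example.com" || true
```

A name that passes this check is only harder to guess; the second remedy item still applies because the maps themselves carry the password entries.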

References:

CERT Advisory CA-95.17, rpc.ypupdated Vulnerability, http://www.cert.org/ftp/cert_advisories/CA-95:17.rpc.ypupdated.vul

CERT Advisory CA-95.17, rpc.ypupdated Vulnerability, http://www.cert.org/advisories/CA-95.17.rpc.ypupdated.vul.html

