Bootparam supplies domain name

Risk Level: Low risk vulnerability  Low

Check or Attack Name: bootpdom
Platforms: Unix
Description:

Bootparam supplied the domain name for NIS. With the domain name, an attacker can get NIS to provide the password file.
Remedy:

Disable bootparamd, if it is not required as a server for diskless clients, or patch NIS.

Several vendors have added access control to their NIS implementation. Check your system documentation or the vendorÆs patch list. The control file is sometimes called securenets.

As a workaround, consider the following suggestions:

  • Run a portmapper with access control.
    • Block port 111 (portmap) on your network gateway, making attacks on NIS and NFS mount daemons much harder.
  • Enforce a policy for choosing passwords by installing an alternative passwd command, for example anlpasswd. Information is available from ftp://ftp.auscert.org.au/pub/mirrors/info.mcs.anl.gov/README.INSTALL.ANLPASSWD, and the anlpasswd program is available from ftp://ftp.auscert.org.au/pub/mirrors/info.mcs.anl.gov/anlpasswd.tar.Z.
    • References:

    CERT Advisory CA-92.13, SunOS NIS Vulnerability, http://www.cert.org/ftp/cert_advisories/CA-92:13.SunOS.NIS.vulnerability

    CERT Advisory CA-93.01, Revised Hewlett-Packard NIS ypbind Vulnerability, http://www.cert.org/ftp/cert_advisories/CA-93:01.REVISED.HP.NIS.ypbind.vulnerability

    AUSCERT Advisory AA-95.03, An overview of SATAN, http://ftp.sunet.se/pub/security/csir/auscert/auscert-advisory/AA-95.03.An.overview.of.SATAN

    , ,

    , ,

    X-Force Logo
    Know Your Risks