Vulnerabilities > CVE-2006-3664 - Denial of Service vulnerability in Sun Solaris NIS Server YPServ

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
sun
nessus

Summary

Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.

Vulnerable Configurations

Part Description Count
OS
Sun
11

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114342.NASL
    descriptionSunOS 5.9_x86: ypserv/ypxfrd/rpc.yppasswdd. Date this patch was last updated by Sun : Feb/20/07
    last seen2016-09-26
    modified2011-09-18
    plugin id13598
    published2004-07-12
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=13598
    titleSolaris 9 (x86) : 114342-12
    code
    #%NASL_MIN_LEVEL 999999
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(13598);
     script_version("1.26");
    
     script_name(english: "Solaris 9 (x86) : 114342-12");
     script_cve_id("CVE-2006-3664");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 114342-12");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.9_x86: ypserv/ypxfrd/rpc.yppasswdd.
    Date this patch was last updated by Sun : Feb/20/07');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/114342-12");
     script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/12");
     script_cvs_date("Date: 2018/08/13 14:32:38");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/07/13");
     script_end_attributes();
    
     script_summary(english: "Check for patch 114342-12");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    
    
    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
    include("solaris.inc");
    
    e +=  solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114342-12", obsoleted_by:"115696-02 ", package:"SUNWhea", version:"11.9.0,REV=2002.11.04.02.51");
    e +=  solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114342-12", obsoleted_by:"115696-02 ", package:"SUNWnisu", version:"11.9.0,REV=2002.11.04.02.51");
    e +=  solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114342-12", obsoleted_by:"115696-02 ", package:"SUNWypr", version:"11.9.0,REV=2002.11.04.02.51");
    e +=  solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114342-12", obsoleted_by:"115696-02 ", package:"SUNWypu", version:"11.9.0,REV=2002.11.04.02.51");
    if ( e < 0 ) { 
    	if ( NASL_LEVEL < 3000 ) 
    	   security_warning(0);
    	else  
    	   security_warning(port:0, extra:solaris_get_report());
    	exit(0); 
    } 
    exit(0, "Host is not affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_123186.NASL
    descriptionSunOS 5.10: NIS yp utilities patch. Date this patch was last updated by Sun : Sep/02/08
    last seen2018-09-01
    modified2018-08-13
    plugin id22061
    published2006-07-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22061
    titleSolaris 10 (sparc) : 123186-03
    code
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(22061);
     script_version("1.23");
    
     script_name(english: "Solaris 10 (sparc) : 123186-03");
     script_cve_id("CVE-2006-3664");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 123186-03");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10: NIS yp utilities patch.
    Date this patch was last updated by Sun : Sep/02/08');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/123186-03");
     script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/07/18");
     script_cvs_date("Date: 2019/10/25 13:36:23");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/07/13");
     script_end_attributes();
    
     script_summary(english: "Check for patch 123186-03");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    
    
    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_109329.NASL
    descriptionSunOS 5.8_x86: ypserv, ypxfr and ypxfrd patch. Date this patch was last updated by Sun : Feb/20/07
    last seen2020-06-01
    modified2020-06-02
    plugin id13430
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13430
    titleSolaris 8 (x86) : 109329-07
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_113579.NASL
    descriptionSunOS 5.9: ypserv/ypxfrd patch. Date this patch was last updated by Sun : Feb/20/07
    last seen2016-09-26
    modified2011-09-18
    plugin id13542
    published2004-07-12
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=13542
    titleSolaris 9 (sparc) : 113579-12
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_122078.NASL
    descriptionSunOS 5.10_x86: NIS yp utilities patch. Date this patch was last updated by Sun : Sep/02/08
    last seen2018-09-01
    modified2018-08-13
    plugin id22062
    published2006-07-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22062
    titleSolaris 10 (x86) : 122078-04
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_109328.NASL
    descriptionSunOS 5.8: ypserv, ypxfr and ypxfrd patch. Date this patch was last updated by Sun : Feb/20/07
    last seen2020-06-01
    modified2020-06-02
    plugin id13322
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13322
    titleSolaris 8 (sparc) : 109328-07

Oval

accepted2007-09-27T08:57:42.566-04:00
classvulnerability
contributors
namePai Peng
organizationOpsware, Inc.
definition_extensions
  • commentSolaris 8 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1539
  • commentSolaris 9 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1457
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 8 (x86) is installed
    ovaloval:org.mitre.oval:def:2059
  • commentSolaris 9 (x86) is installed
    ovaloval:org.mitre.oval:def:1683
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptionUnspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.
familyunix
idoval:org.mitre.oval:def:1921
statusaccepted
submitted2007-08-10T12:25:27.000-04:00
titleSecurity Vulnerability With NIS server ypserv(1M) May Allow a Denial of Service (DoS) to Occur
version35