https://www.exploit-db.com/exploits/20879
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200110-064

Solaris2.6，7和8版本中rpc.yppasswdd(yppasswdserver)存在缓冲区溢出漏洞。远程攻击者借助超长用户名获取根访问权限。

source: http://www.securityfocus.com/bid/2763/info

The rpc.yppasswdd server is used to handle password change requests from yppasswd and modify the NIS password file.

A buffer overrun vulnerability has been discovered in the rpc.yppasswdd utility distributed by multiple vendors. The problem occurs due to insufficient bounds checking before copying remotely-supplied user information into a static memory buffer. As a result, a malicious user may be capable of exploiting this issue to overwrite sensitive locations in memory and thus execute arbitrary code with superuser privileges. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20879.tar.gz

来源:US-CERTVulnerabilityNote:VU#327281
名称:VU#327281
链接:http://www.kb.cert.org/vuls/id/327281
来源:XF
名称:solaris-yppasswd-bo(6629)
链接:http://xforce.iss.net/static/6629.php
来源:BID
名称:2763
链接:http://www.securityfocus.com/bid/2763
来源:BUGTRAQ
名称:20011004PatchesforSolarisrpc.yppasswddavailable
链接:http://www.securityfocus.com/archive/1/[email protected]
来源:BUGTRAQ
名称:20010528solaris2.6,7yppasswdvulnerability
链接:http://www.securityfocus.com/archive/1/187086
来源:CIAC
名称:M-008
链接:http://www.ciac.org/ciac/bulletins/m-008.shtml
来源:SUN
名称:00209
链接:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc;=secbull/209
来源:USGovernmentResource:oval:org.mitre.oval:def:56
名称:oval:org.mitre.oval:def:56
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:56
来源:USGovernmentResource:oval:org.mitre.oval:def:102
名称:oval:org.mitre.oval:def:102
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:102