Description: kcope has discovered a vulnerability in Solaris, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by improper handling of map names sent via an update command to rpc.ypupdated. This can be exploited to execute arbitrary commands on a vulnerable host via map names containing shell escape characters.
Successful exploitation requires that rpc.ypupdated is started with the "-i" command line switch (not used by default).
The vulnerability is confirmed in Solaris 10. Other versions may also be affected.
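A defender-side check for the "-i" precondition described above, as an added example that is not part of the Secunia advisory: a POSIX shell function that reads "PID ARGS" process-listing lines and reports every rpc.ypupdated instance started with "-i". The sample listing is constructed, /path/to is a placeholder, and treating a clustered option such as "-si" as containing "-i" is an assumption.

```shell
#!/bin/sh
# Added example: find rpc.ypupdated processes started with the "-i" switch.
# Input on stdin: one process per line, "PID COMMAND [ARGS...]".

# Prints the PID of each rpc.ypupdated process whose options include -i.
# Exit status: 0 if at least one was found, 1 if none.
# The body runs in a subshell so "set -f" does not leak into the caller.
ypupdated_insecure() (
    set -f                      # no globbing when $args is word-split
    found=1
    while read -r pid cmd args; do
        # Match on the basename so absolute paths are handled too,
        # and a "grep rpc.ypupdated" line is not mistaken for the daemon.
        case "${cmd##*/}" in
            rpc.ypupdated) ;;
            *) continue ;;
        esac
        for a in $args; do
            case "$a" in
                --) break ;;                              # end of options
                -*i*) echo "$pid"; found=0; break ;;      # -i, or clustered (assumed)
            esac
        done
    done
    exit "$found"
)

# Constructed sample process listing (not taken from a real host).
SAMPLE_PS='  412 rpc.ypupdated -i
  533 /path/to/rpc.ypupdated
  601 rpc.ypupdated -s
  845 /path/to/rpc.ypupdated -si
  990 grep -i rpc.ypupdated'

if pids=$(printf '%s\n' "$SAMPLE_PS" | ypupdated_insecure); then
    echo "rpc.ypupdated running with -i, PIDs:" $pids
else
    echo "no rpc.ypupdated instance running with -i"
fi
```

On a live host, feed the function the output of `ps -e -o pid=,args=` instead of the sample.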