published date: March 1, 1998

CVE-1999-0795 : The NIS+ rpc.nisd server...

Description

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

Product(s):

Sun Solaris
Sun Solaris 1.0.1
Sun Solaris 1.0
Sun Solaris 1.1.1a
Sun Solaris 1.1.2
Sun Solaris 1.1.3
Sun Solaris 1.1.4
Sun Solaris 1.1
Sun Solaris 1.1c
Sun Solaris 1.2
Sun Solaris 10.0
Sun Solaris 10.0 for SPARC
Sun Solaris 10
Sun Solaris 11.0
Sun Solaris 11
Sun Solaris 2.0
Sun Solaris 2.1
Sun Solaris 2.2
Sun Solaris 2.3
Sun Solaris 2.4
Sun Solaris 2.5.1
Sun Solaris 2.5
Sun Solaris 2.6
Sun Solaris 2.6 HW3
Sun Solaris 2.6 x86HW3
Sun Solaris 2.6 HW5
Sun Solaris 2.6 x86HW5
Sun Solaris 2.7
Sun Solaris 2.8
Sun Solaris 4.1.1
Sun Solaris 4.1.2
Sun Solaris 4.1.3
Sun Solaris 4.1.3 U1
Sun Solaris 5.3
Sun Solaris 5.4
Sun Solaris 5.5.1
Sun Solaris 5.5
Sun Solaris 5.6
Sun Solaris 5.8
Sun Solaris 5.9
Sun Solaris 7.0
Sun Solaris 8.0
Sun Solaris 8.1
Sun Solaris 8.2
Sun Solaris 8
Sun Solaris 9.0
Sun Solaris 9.0 for SPARC
Sun Solaris 9.1
Sun Solaris 9
Sun SunOS
Sun SunOS (formerly Solaris)
Sun SunOS 3.5
Sun SunOS 4.0.1
Sun SunOS 4.0.2
Sun SunOS 4.0.3
Sun SunOS 4.0.3c
Sun SunOS 4.0
Sun SunOS 4.1.1
Sun SunOS 4.1.2
Sun SunOS 4.1.3
Sun SunOS 4.1.3c
Sun SunOS 4.1.3u1
Sun SunOS 4.1.4
Sun SunOS 4.1
Sun SunOS 4.1PSR_A
Sun Microsystems Solaris 2.0
Sun SunOS (Solaris 10) 5.10
Sun SunOS (Solaris 10) 5.10 on AMD64
Sun OS 5.10 SPARC
Sun SunOS (Solaris 11) 5.11
Sun SunOS 5.11 (Solaris 11) on SPARC
Sun SunOS (formerly Solaris 11) 5.11 Express
Sun SunOS (Solaris 10) 5.11 on AMD64
Sun SunOS (Solaris 10) 5.11 on x86
Sun Microsystems Solaris 2.1
Sun Microsystems Solaris 2.2
Sun Microsystems Solaris 2.3
Sun Microsystems Solaris 2.4
Sun Microsystems Solaris 2.5.1
Sun Microsystems Solaris 2.5
Sun Microsystems Solaris 2.6
Sun Microsystems Solaris 7
Sun SunOS (Solaris 8) 5.8
Sun SunOS (Solaris 9) 5.9

CVSS:7.5 [Critical]
EPSS:0.76%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-1999-0795, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-1999-0795 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-1999-0795

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales