
NIS

NIS (Network Information Service) contains data such as host files, password files, and e-mail aliases for entire networks. NIS allows a remote user to obtain copies of the NIS password map information. An intruder who knows the NIS domain name (often set up as a derivative of the public domain name) can steal information helpful in guessing passwords and gaining unauthorized access. The scanner attempts to determine whether the password file is obtainable from NIS. If the scanner can guess the domain name, it shows where the NIS server is.

Fix: The NIS domain name should be something hard to guess. If the scanner can guess it, change the NIS domain name. Also, make sure that if the password file does get out, the passwords are hard to guess. The crack utility and password shadowing help correct this weakness, but NIS/YP (Yellow Pages) transfers include encrypted passwords even if they are shadowed and unreadable on the server. The intruder can then work on cracking them at leisure.
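
One way to check the first part of this fix on your own hosts, as an added example that is not part of the scanner or the original page: the function below flags an NIS domain name that is a simple derivative of the host's DNS name. The function names and the derivation rules (DNS suffixes, single labels, an optional "nis"/"yp" tag) are assumptions for illustration, not the scanner's actual guess list.

```shell
#!/bin/sh
# Added example (not from the scanner): flag an NIS domain name that is a
# simple derivative of the host's DNS name. The derivation rules here are
# illustrative assumptions, not the scanner's actual guess list.

# Lower-case a name and drop the separators '.', '_' and '-'.
squash() { printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d '._-'; }

# usage: nis_domain_guessable NIS_DOMAIN DNS_FQDN
# Prints the matching DNS component and returns 0 if the NIS domain is
# guessable; returns 1 otherwise (including when no NIS domain is set).
nis_domain_guessable() {
    n0=$(squash "$1")
    [ -n "$n0" ] || return 1
    # Also test the name with a leading or trailing "nis"/"yp" tag removed.
    n1=${n0#nis}; n1=${n1#yp}
    n2=${n0%nis}; n2=${n2%yp}

    rest=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    rest=${rest%.}                      # ignore a trailing root dot
    while [ -n "$rest" ]; do
        # Candidates: each DNS suffix (host.example.com, example.com, com)
        # and the first label of each suffix (host, example, com).
        for cand in "$rest" "${rest%%.*}"; do
            c=$(squash "$cand")
            for n in "$n0" "$n1" "$n2"; do
                if [ -n "$c" ] && [ "$n" = "$c" ]; then
                    echo "guessable: derived from DNS component '$cand'"
                    return 0
                fi
            done
        done
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
    done
    return 1
}

# Stand-alone use: sh script.sh NIS_DOMAIN DNS_FQDN
if [ "$#" -eq 2 ]; then
    nis_domain_guessable "$1" "$2" || echo "OK: no simple derivation matched"
fi
```

Pass the output of `domainname` as the first argument and the host's fully qualified DNS name as the second.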

Advisories: CERT: CA-95:13,17

NIS Vulnerabilities:

- NIS is running. NIS can be used by an intruder to grab the password file from the machine.
- Domain Name guessed. The domain name should be hard to guess. It can be used with NIS to grab password files.
- NIS password obtained via TCP.
- NIS password obtained via UDP.

Risk: Medium.

SunOS Patch ID: 100482-XX at Sun Patches