CVE-2001-0779
published 2001-10-18

CVE-2001-0779: Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.

Priority: P263, critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 62.19% (99.1th percentile)
Affected

5 ranges
Vendor | Product | Version range | Fixed in
sun | solaris | |
sun | solaris | |
sun | solaris | |
sun | sunos | |
sun | sunos | |

Detection & IOCs (extracted from sources)

url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20879.tar.gz
snort
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL RPC yppasswd username overflow attempt UDP"; content:"|00 01 86 A9|"; depth:4; offset:12; content:"|00 00 00 01|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_jump:4,0,relative,align; byte_test:4,>,64,0,relative; content:"|00 00 00 00|"; depth:4; offset:4; reference:bugtraq,2763; reference:cve,2001-0779; classtype:rpc-portmap-decode; sid:2102025; rev:10; metadata:created_at 2010_09_23, cve CVE_2001_0779, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
bytes: |00 01 86 A9|
bytes: |00 00 00 01|
bytes: |00 00 00 00|
  • Detect UDP packets targeting rpc.yppasswdd (RPC program number 0x000186A9) where the username field length exceeds 64 bytes, indicating a buffer overflow attempt.
  • The exploit is delivered over UDP to any port (dynamic RPC port); filter on RPC program ID 0x000186A9 (yppasswdd) at offset 12, depth 4 in the UDP payload.
  • The vulnerability is triggered by a remotely-supplied long username copied into a static memory buffer without bounds checking; monitor for oversized username fields (>64 bytes) in yppasswd RPC calls.
  • The Snort rule targets UDP only; rpc.yppasswdd may also be reachable over TCP depending on portmapper configuration, so additional TCP coverage may be needed.
  • The rule matches any destination port ($HOME_NET any) because rpc.yppasswdd registers dynamically with the portmapper; blocking a fixed port is insufficient.
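
The checks in the Snort rule and the notes above, written as a standalone UDP payload parser for use on captured traffic. This is an added example, not code from the rule's authors or from the page's sources; the function names, helper names and the sample packet builder are constructed for illustration.

```python
import struct

YPPASSWD_PROG = 0x000186A9   # RPC program number the rule matches at offset 12
PROC_UPDATE = 1              # procedure number the rule matches at offset 20
MAX_NAME = 64                # threshold from the rule's byte_test

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated")
    return struct.unpack_from(">I", buf, off)[0]

def _skip_opaque(buf, off):
    """Skip a length-prefixed XDR field at off, padded to 4 bytes (byte_jump ... align)."""
    n = _u32(buf, off)
    end = off + 4 + ((n + 3) & ~3)
    if end > len(buf):
        raise ValueError("truncated")
    return end

def yppasswd_long_username(payload):
    """Return the declared username length if the rule's conditions hold, else None."""
    try:
        if _u32(payload, 4) != 0:                  # message type must be CALL
            return None
        if _u32(payload, 12) != YPPASSWD_PROG or _u32(payload, 20) != PROC_UPDATE:
            return None
        off = _skip_opaque(payload, 28)            # credentials: flavor at 24, length at 28
        off = _skip_opaque(payload, off + 4)       # verifier: flavor, then length
        off = _skip_opaque(payload, off)           # first argument string
        name_len = _u32(payload, off)              # length of the username string
    except ValueError:
        return None                                # malformed or unrelated datagram
    return name_len if name_len > MAX_NAME else None

def _xdr_str(b):
    return struct.pack(">I", len(b)) + b + b"\0" * (-len(b) % 4)

def build_call(username, prog=YPPASSWD_PROG, cred_body=b""):
    """Constructed sample: RPC call header, credentials, empty verifier, two strings."""
    hdr = struct.pack(">6I", 0x1234, 0, 2, prog, 1, PROC_UPDATE)
    cred = struct.pack(">I", 0) + _xdr_str(cred_body)
    verf = struct.pack(">2I", 0, 0)
    return hdr + cred + verf + _xdr_str(b"oldpw") + _xdr_str(username)
```

Because the parser works on the RPC payload alone, the same function can be applied to reassembled TCP records (after removing the 4-byte record marker), which covers the TCP gap noted above.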