COMMAND

    NIS+

SYSTEMS AFFECTED

    SunOS 5.4, 5.4_x86 and 5.3

PROBLEM

    NIS+ is a  network-wide name service  that runs under  Solaris. It
    can  be  selected  as  the  name service in /etc/nsswitch.conf. If
    NIS+ is selected, programs with setuid root permissions will  link
    nss_nisplus.so.1  which  is  susceptible  to  a  buffer   overflow
    vulnerability. This vulnerability  may allow non-privileged  users
    to gain root privileges.

SOLUTION

    The vulnerability in NIS+ is fixed by the following patches:

        OS version          Patch ID
        __________          ________
        SunOS 5.4           102277-03
        SunOS 5.4_x86       102278-03
        SunOS 5.3           101736-04