COMMAND

    bootparamd

SYSTEMS AFFECTED

    Most UNIXes.

PROBLEM

    When  a  diskless  client  needs  to  boot,  it uses the bootparam
    protocol to get the necessary information needed from the  server.
    If bootparamd is running one can guess at which is the client  and
    server  or  use  a  program  such as bootparam_prot.x to determine
    which is which.

    If an intruder uses BOOTPARAMPROC_WHOAMI and provides the  address
    of  the  client,  he  will  get  it's  NIS  domain  name back from
    bootparamd.  If you know the  NIS domain name, it may be  possible
    to get a copy of the password file.

SOLUTION

    Make sure  NIS is  patched.   Using packet  filtering (at the very
    least port  111) or  securelib or,  for Suns,  applying Sun  patch
    100482-02 all can help.