SunOS ypserv domain guessing Vulnerability

SunOS ypserv domain guessing Vulnerability

Solution:
Apply Sun Patch ID 100482-08.

This patch enables "ypserv" to use the file /var/yp/securenets
and, if present, only responds to IP addresses in the
range given. This file is only read when the daemon
starts. To get a change in /var/yp/securenets
to take effect, one must kill and restart the daemons.

The format of the file is one of more lines of:

netmask netaddr

e.g.

255.255.0.0 128.30.0.0
255.255.255.0 128.311.10.0

In the 2nd example, the netmask is 255.255.255.0
and the network address is 128.311.10.0 . This
setup will only allow the ypserv to respond to
those IP addresses which are within the subnet
128.311.10 range.