| VID |
17001 |
| Severity |
20 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The rpcbind RPC server on the host present on a non-standard port.
The rpcbind program is a server that converts RPC program numbers into universal addresses. When a client makes an RPC call to a given program number, it first connects to rpcbind on the target system to determine the address where the RPC request should be sent.
Under Solaris 2.x rpcbind not only listens on the TCP / UDP port 111, but it also listens on UDP ports greater than 32770. The exact number is dependent on the OS release and architecture. Thus, packet filtering devices that are configured to block access to rpcbind / portmapper, may be subverted by sending UDP requests to rpcbind listening above port 32770. This vulnerability may allow an unauthorized user to obtain remote RPC information from a remote system even if port 111 is being blocked.
Platforms Affected:
Sun Solaris 2.3
Sun Solaris 2.4 _x86
Sun Solaris 2.4
Sun Solaris 2.5 _x86
Sun Solaris 2.5
Sun Solaris 2.5.1 _x86
Sun Solaris 2.5.1 _ppc
Sun Solaris 2.5.1 |
| Recommendation |
Administrators of the affected computer should obtain and install the following patches from Sun Patch Site, http://sunsolve.sun.com/
o Solaris 2.3: 102034-02
o Solaris 2.4 _x86: 102071-03
o Solaris 2.4: 102070-03
o Solaris 2.5 _x86: 104358-02
o Solaris 2.5: 104357-02
o Solaris 2.5.1 _x86: 104332-02
o Solaris 2.5.1 _ppc: 104331-02
o Solaris 2.5.1: 104331-02
The newest version of Weitse Venema's Rpcbind replacement can be found at:
http://ftp.porcupine.org/pub/security/ |
| Related URL |
CVE-1999-0189 (CVE) |
| Related URL |
205 (SecurityFocus) |
| Related URL |
330 (ISS) |
|
