| VID |
17033 |
| Severity |
20 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The RPC rje_mapper service is running. The rje_mapper is part of many Remote Job Entry (RJE) implementations. RJE is a system for batch-oriented transfers between a host and downstream devices, such as printers. The rje_mapper service registers with the RPC portmapper as program 100014.
* References:
http://www.iss.net/security_center/static/268.php
http://andrew2.andrew.cmu.edu/rfc/rfc407.html |
| Recommendation |
Disable the 'rje' rpc service if RJE is not implemented on your network, or use it after asking to the vendor whether not to be vulnerable.
Solaris 10, Solaris 11, Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
1. you become a root, and then stop the service like the following:
# rpcinfo -d [program num] [version num]
2. comment its entry by putting a # at the beginning of the line with 'rje' in /etc/rpc
3. # pkill -HUP (x)inetd |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
