Multiple Vendor RPC portmapper Access Restriction Bypass

medium Nessus Plugin ID 54586

Synopsis

The RPC portmapper on the remote host has an access restriction bypass vulnerability.

Description

The RPC portmapper running on the remote host (possibly included with EMC Legato Networker, IBM Informix Dynamic Server, or AIX) has an access restriction bypass vulnerability.

The service accepts pmap_set and pmap_unset requests only when the source address is '127.0.0.1'. Because these requests are accepted over UDP, which is connectionless and never verifies the sender, a remote attacker can forge the source address of a single datagram and pass the check. This allows remote, unauthenticated attackers to register and unregister arbitrary RPC services.

A remote attacker could exploit this to cause a denial of service (unregistering a program so that clients can no longer locate it) or to eavesdrop on process communications (registering an attacker-controlled port for a program so that clients consulting the portmapper are directed to the attacker's endpoint).
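The following Python is an added illustration, not code from the Nessus plugin or the vendor advisories. It XDR-encodes and decodes a portmapper v2 SET/UNSET call exactly as it sits inside the UDP payload, and applies the check a network sensor can run on such datagrams: a loopback source address on a non-loopback ingress interface is a forged source. The interface names, the sample NFS registration and the helper names are assumptions constructed for the example.

```python
import ipaddress
import struct

# ONC RPC (RFC 5531) and portmapper v2 (RFC 1833) constants
PMAP_PROG = 100000
PMAP_VERS = 2
PMAPPROC_SET = 1
PMAPPROC_UNSET = 2
MSG_CALL = 0
RPC_VERSION = 2
AUTH_NULL = 0
IPPROTO_TCP = 6
IPPROTO_UDP = 17
PROC_NAMES = {PMAPPROC_SET: "pmap_set", PMAPPROC_UNSET: "pmap_unset"}


def build_pmap_call(proc, prog, vers, prot, port, xid=0x1234ABCD):
    """XDR-encode a portmapper v2 SET/UNSET call: RPC call header, two
    AUTH_NULL opaque_auth fields (cred, verf), then the pmap mapping struct."""
    header = struct.pack(">6I", xid, MSG_CALL, RPC_VERSION, PMAP_PROG, PMAP_VERS, proc)
    cred = struct.pack(">2I", AUTH_NULL, 0)   # opaque_auth: flavor, body length
    verf = struct.pack(">2I", AUTH_NULL, 0)
    mapping = struct.pack(">4I", prog, vers, prot, port)
    return header + cred + verf + mapping


def parse_pmap_call(data):
    """Decode a UDP payload as an RPC CALL to portmapper v2. Returns a dict
    with xid/proc and, for SET/UNSET, the mapping; None if it is not one."""
    if len(data) < 24:
        return None
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack(">6I", data[:24])
    if (mtype, rpcvers, prog, vers) != (MSG_CALL, RPC_VERSION, PMAP_PROG, PMAP_VERS):
        return None
    off = 24
    for _ in range(2):  # cred, verf: flavor, length, body padded to 4 bytes
        if len(data) < off + 8:
            return None
        _flavor, blen = struct.unpack(">2I", data[off:off + 8])
        off += 8 + ((blen + 3) & ~3)
    call = {"xid": xid, "proc": proc}
    if proc in PROC_NAMES:
        if len(data) < off + 16:
            return None
        mprog, mvers, mprot, mport = struct.unpack(">4I", data[off:off + 16])
        call["mapping"] = {"prog": mprog, "vers": mvers, "prot": mprot, "port": mport}
    return call


def is_spoofed_pmap_registration(src_ip, ingress_iface, data):
    """Detection rule: a pmap_set/pmap_unset datagram whose IP source is a
    loopback address cannot legitimately arrive on a non-loopback interface.
    The sender controls the IP source field of a UDP datagram, so a match is
    a forged source aimed at the daemon's 127.0.0.1 check. Interface name
    'lo' is an assumption for this example."""
    call = parse_pmap_call(data)
    if call is None or call["proc"] not in PROC_NAMES:
        return False
    return ipaddress.ip_address(src_ip).is_loopback and ingress_iface != "lo"


def describe(src_ip, ingress_iface, data):
    """One-line summary suitable for an alert."""
    call = parse_pmap_call(data)
    if call is None or "mapping" not in call:
        return "not a portmapper SET/UNSET call"
    m = call["mapping"]
    tag = "SPOOFED " if is_spoofed_pmap_registration(src_ip, ingress_iface, data) else ""
    return (f"{tag}{PROC_NAMES[call['proc']]} from {src_ip} via {ingress_iface}: "
            f"prog={m['prog']} vers={m['vers']} prot={m['prot']} port={m['port']}")


if __name__ == "__main__":
    # Constructed sample: a SET call registering NFS (program 100003) v3 on UDP/2049.
    pkt = build_pmap_call(PMAPPROC_SET, 100003, 3, IPPROTO_UDP, 2049)
    print(describe("127.0.0.1", "eth0", pkt))  # forged loopback source on an external interface
    print(describe("127.0.0.1", "lo", pkt))    # genuine local registration
```

The rule detects the forgery; it does not remove the weakness. On the daemon side the fix is to stop deriving trust from the IP source of a datagram at all, for instance by accepting set/unset only on a socket bound to the loopback interface or over a local transport, rather than comparing addresses after the fact.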

Solution

Apply the relevant patch from the referenced documents for EMC Legato Networker, IBM Informix Dynamic Server, or AIX. If a different application is being used, contact the vendor for a fix.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-168/

http://www.nessus.org/u?fca0dc65

http://www.ibm.com/support/docview.wss?uid=swg1IC76179

http://www.ibm.com/support/docview.wss?uid=swg1IC76177

http://www.ibm.com/support/docview.wss?uid=swg1IC76178

https://aix.software.ibm.com/aix/efixes/security/rpc_advisory.asc

Plugin Details

Severity: Medium

ID: 54586

File Name: rpc_pmap_set_udp_spoofing.nasl

Version: 1.17

Type: remote

Family: RPC

Published: 5/19/2011

Updated: 10/17/2023

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2011-0321

Vulnerability Information

CPE: cpe:/a:ibm:informix, cpe:/a:emc:legato_networker

Required KB Items: Services/udp/rpc-portmapper

Exploit Ease: No known exploits are available

Patch Publication Date: 1/26/2011

Vulnerability Publication Date: 1/26/2011

Reference Information

CVE: CVE-2011-0321, CVE-2011-1210

BID: 46044, 47875