Bootparam enabled

Risk Level: Low

Check or Attack Name: bootparam

Platforms: Unix

Description:

Bootparam was detected as running. If a machine is running bootparam, then it is probably a server for diskless clients. An attacker can obtain the NIS domain name from bootparam if they can guess which machines are the clients and servers. Since many NIS implementations provide no access control, an attacker can use the domain name to make NIS provide the password file.

Remedy:

Disable bootparamd if it is not required as a server for diskless clients, or patch NIS.
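To confirm the state of a host before and after applying this remedy, the function below (an added example, not part of the original advisory) reads `rpcinfo -p` output and reports portmapper registrations for bootparam (RPC program 100026) and ypserv (100004). The sample input and the REGISTERED/VERDICT output format are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag portmapper registrations relevant to this check.
# Matching is on the standard ONC RPC program numbers (as listed in
# /etc/rpc), because the service-name column can be empty on some hosts.

# Constructed sample of `rpcinfo -p` output (not taken from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100026    1   udp  32779  bootparam
    100004    2   udp    834  ypserv
    100004    2   tcp    835  ypserv
    100007    2   udp    840  ypbind
    100005    1   udp  32780  mountd
EOF
}

# audit_rpc: reads `rpcinfo -p` output on stdin. Prints one REGISTERED line
# per distinct service/proto/port of interest, then a single VERDICT line.
audit_rpc() {
    awk '
        BEGIN { name[100026] = "bootparam"; name[100004] = "ypserv" }
        ($1 in name) {
            key = name[$1] " " $3 "/" $4
            if (!(key in seen)) { seen[key] = 1; print "REGISTERED " key }
            have[name[$1]] = 1
        }
        END {
            if (have["bootparam"] && have["ypserv"])
                print "VERDICT bootparam and ypserv both registered on this host"
            else if (have["bootparam"])
                print "VERDICT bootparam registered; disable if no diskless clients"
            else
                print "VERDICT bootparam not registered"
        }
    '
}

# Demo on the constructed sample. On a live host: rpcinfo -p | audit_rpc
sample_rpcinfo | audit_rpc
```

A "not registered" verdict after bootparamd has been disabled confirms the portmapper no longer advertises it; ypserv may also run on a different host, so repeat the check on the NIS servers.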

Several vendors have added access control to their NIS implementation. Check your system documentation or the vendor's patch list. The control file is sometimes called securenets.

As a workaround, consider the following suggestions:

  • Run a portmapper with access control.
  • Block port 111 (portmap) on your network gateway, making attacks on NIS and NFS mount daemons much harder.
  • Enforce a policy for choosing passwords by installing an alternative passwd command, for example anlpasswd. Information is available from ftp://ftp.auscert.org.au/pub/mirrors/info.mcs.anl.gov/README.INSTALL.ANLPASSWD, and the anlpasswd program is available from ftp://ftp.auscert.org.au/pub/mirrors/info.mcs.anl.gov/anlpasswd.tar.Z.
References:

    CERT Advisory CA-92.13, SunOS NIS Vulnerability, http://www.cert.org/ftp/cert_advisories/CA-92:13.SunOS.NIS.vulnerability

    CERT Advisory CA-93.01, Revised Hewlett-Packard NIS ypbind Vulnerability, http://www.cert.org/ftp/cert_advisories/CA-93:01.REVISED.HP.NIS.ypbind.vulnerability

    AUSCERT Advisory AA-95.03, An overview of SATAN, http://ftp.sunet.se/pub/security/csir/auscert/auscert-advisory/AA-95.03.An.overview.of.SATAN

    CERT Advisory CA-93.01, Revised Hewlett-Packard NIS ypbind Vulnerability, http://www.cert.org/advisories/CA-93.01.REVISED.HP.NIS.ypbind.vulnerability.html

    CERT Advisory CA-92.13, SunOS NIS Vulnerability, http://www.cert.org/advisories/CA-92.13.SunOS.NIS.vulnerability.html

