RPC bind service on improper port

Risk Level: Medium

Check or Attack Name: rpc32771

Platforms: Solaris: 2.3, Solaris: 2.4, Solaris: 2.5, Solaris: 2.5.1, Solaris: 2.5 x86, Solaris: 2.5.1 x86, Solaris: 2.4 x86

Description:

Normally, the rpcbind service listens only on port 111. Under Solaris, rpcbind also listens on port 32771, which sometimes allows attackers to bypass packet filtering applied to port 111.

Remedy:

Solaris users should obtain and install the following patches:

  • Solaris 2.5.1: 104331-02
  • Solaris 2.5.1_x86: 104332-02
  • Solaris 2.5: 104357-02
  • Solaris 2.5_x86: 104358-02
  • Solaris 2.4: 102070-03
  • Solaris 2.4_x86: 102071-03
  • Solaris 2.3: 102034-02
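
One way to audit a host against the patch list above, as an added example that is not part of the original advisory: the functions read `showrev -p` output and report whether the rpcbind patch for the given release is installed at the listed revision or later. The function names and the sample patch lines are constructed for illustration; the script assumes a POSIX shell and that a higher revision of the same patch supersedes the listed one.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

# Minimum patch per release, copied from the Remedy list above.
required_patch() {
    case "$1" in
        2.5.1)     echo 104331-02 ;;
        2.5.1_x86) echo 104332-02 ;;
        2.5)       echo 104357-02 ;;
        2.5_x86)   echo 104358-02 ;;
        2.4)       echo 102070-03 ;;
        2.4_x86)   echo 102071-03 ;;
        2.3)       echo 102034-02 ;;
        *)         return 1 ;;
    esac
}

# Usage: showrev -p | rpcbind_patch_status <release>
# Prints "patched <id>", "outdated <id>" or "missing <base>".
# Returns 0 only when the listed revision or a later one is installed.
rpcbind_patch_status() {
    need=$(required_patch "$1") || { echo "unknown release $1"; return 2; }
    base=${need%-*}   # patch number, e.g. 104331
    min=${need#*-}    # minimum revision, e.g. 02
    awk -v base="$base" -v min="$min" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && (!found || p[2] + 0 > best)) {
                found = 1; best = p[2] + 0; id = $2
            }
        }
        END {
            if (!found)         { print "missing " base; exit 1 }
            if (best < min + 0) { print "outdated " id; exit 1 }
            print "patched " id
        }'
}

# Constructed sample of `showrev -p` output (not taken from a real host).
sample_showrev() {
    cat <<'EOF'
Patch: 100000-01 Obsoletes:  Packages: SUNWcsu
Patch: 104331-01 Obsoletes:  Packages: SUNWcsu
Patch: 104331-03 Obsoletes:  Packages: SUNWcsu
EOF
}

sample_showrev | rpcbind_patch_status 2.5.1   # prints: patched 104331-03
```
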

References:

Network Associates, Inc. Security Advisory #15, Solaris rpcbind weaknesses, http://www.nai.com/nai_labs/asp_set/advisory/15_solaris_rpcbind_adv.asp

Sun Microsystems, Inc. Security Bulletin #00142, Vulnerability in rpcbind, http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142&type=0&nav=sec.sba

