RPC bootparamd Service Information Disclosure

This script is Copyright (C) 1999-2014 Tenable Network Security, Inc.


Synopsis :

The RPC service running on the remote host has an information
disclosure vulnerability.

Description :

The bootparamd RPC service is running. It is used by diskless clients
to get the necessary information needed to boot properly.

If an attacker uses the BOOTPARAMPROC_WHOAMI and provides the correct
address of the client, then he will get its NIS domain back from
the server. Once the attacker discovers the NIS domain name, he may
easily get your NIS password file.

Solution :

Filter incoming traffic to prevent connections to the portmapper and
to the bootparam daemon, or deactivate this service if you do not use it.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: RPC

Nessus Plugin ID: 10031 (bootparamd.nasl)

Bugtraq ID:

CVE ID: