This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The RPC portmapper on the remote host has an access restriction bypass
The RPC portmapper running on the remote host (possibly included with
EMC Legato Networker, IBM Informix Dynamic Server, or AIX) has an
access restriction bypass vulnerability.
The service will only process pmap_set and pmap_unset requests that
have a source address of '127.0.0.1'. Since communication is
performed via UDP, the source address can be spoofed, effectively
bypassing the verification process. This allows remote,
unauthenticated attackers to register and unregister arbitrary RPC
A remote attacker could exploit this to cause a denial of service or
eavesdrop on process communications.
See also :
Apply the relevant patch from the referenced documents for EMC Legato
Networker, IBM Informix Dynamic Server, or AIX. If a different
application is being used, contact the vendor for a fix.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.3
Public Exploit Available : true
Nessus Plugin ID: 54586 ()
Bugtraq ID: 4604447875
CVE ID: CVE-2011-0321CVE-2011-1210
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.