This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The RPC portmapper on the remote host has an access restriction bypass
The RPC portmapper running on the remote host (possibly included with
EMC Legato Networker, IBM Informix Dynamic Server, or AIX) has an
access restriction bypass vulnerability.
The service will only process pmap_set and pmap_unset requests that
have a source address of '127.0.0.1'. Since communication is
performed via UDP, the source address can be spoofed, effectively
bypassing the verification process. This allows remote,
unauthenticated attackers to register and unregister arbitrary RPC
A remote attacker could exploit this to cause a denial of service or
eavesdrop on process communications.
See also :
Apply the relevant patch from the referenced documents for EMC Legato
Networker, IBM Informix Dynamic Server, or AIX. If a different
application is being used, contact the vendor for a fix.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.3
Public Exploit Available : true