RPC bootparamd Service Information Disclosure (Deprecated)

Medium Nessus Plugin ID 10031

Synopsis

This plugin has been deprecated.

Description

The bootparamd RPC service is running. It is used by diskless clients to get the necessary information needed to boot properly.

If an attacker uses the BOOTPARAMPROC_WHOAMI and provides the correct address of the client, then he will get its NIS domain back from the server. Once the attacker discovers the NIS domain name, he may easily get your NIS password file.

Plugin Details

Severity: Medium

ID: 10031

File Name: bootparamd.nasl

Version: 1.31

Type: remote

Family: RPC

Published: 1999/08/30

Updated: 2019/04/16

Dependencies: 10223

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: rpc/portmap

Vulnerability Publication Date: 1991/01/01