RPC bootparamd Service Information Disclosure
Medium Nessus Plugin ID 10031
SynopsisThe RPC service running on the remote host has an information disclosure vulnerability.
DescriptionThe bootparamd RPC service is running. It is used by diskless clients to get the necessary information needed to boot properly.
If an attacker uses the BOOTPARAMPROC_WHOAMI and provides the correct address of the client, then he will get its NIS domain back from the server. Once the attacker discovers the NIS domain name, he may easily get your NIS password file.
SolutionFilter incoming traffic to prevent connections to the portmapper and to the bootparam daemon, or deactivate this service if you do not use it.