Multiple Vendor RPC portmapper Access Restriction Bypass

Medium Nessus Plugin ID 54586

Synopsis

The RPC portmapper on the remote host has an access restriction bypass vulnerability.

Description

The RPC portmapper running on the remote host (possibly included with EMC Legato Networker, IBM Informix Dynamic Server, or AIX) has an access restriction bypass vulnerability.

The service will only process pmap_set and pmap_unset requests that have a source address of '127.0.0.1'. Since communication is performed via UDP, the source address can be spoofed, effectively bypassing the verification process. This allows remote, unauthenticated attackers to register and unregister arbitrary RPC services.

A remote attacker could exploit this to cause a denial of service or eavesdrop on process communications.
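A detection sketch for the spoofing condition described above, added here as an example and not taken from the Nessus plugin or any vendor patch: it parses the ONC RPC call header of a UDP datagram sent to the portmapper and flags pmap_set/pmap_unset calls that claim a loopback source but arrived on a non-loopback interface. The function names, the `lo` interface name and the sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import struct

PMAP_PROG, PMAP_VERS = 100000, 2      # portmapper RPC program and version
RPC_CALL, RPC_VERS = 0, 2             # msg_type CALL, ONC RPC version 2
PROCS = {1: "PMAPPROC_SET", 2: "PMAPPROC_UNSET"}
LOOPBACK_IFACE = "lo"                 # assumption: Linux-style interface name


def classify(src_ip, in_iface, payload):
    """Return an alert string for a suspicious portmap datagram, else None.

    src_ip   -- source address taken from the IP header
    in_iface -- interface the datagram was captured on (capture metadata)
    payload  -- UDP payload addressed to the portmapper
    """
    if len(payload) < 24:
        return None                   # too short for an RPC call header
    xid, msg_type, rpcvers, prog, vers, proc = struct.unpack(">6I", payload[:24])
    if msg_type != RPC_CALL or rpcvers != RPC_VERS:
        return None
    if prog != PMAP_PROG or vers != PMAP_VERS or proc not in PROCS:
        return None                   # not a set/unset request
    name = PROCS[proc]
    if ipaddress.ip_address(src_ip).is_loopback:
        if in_iface != LOOPBACK_IFACE:
            # A loopback source cannot legitimately arrive from the network.
            return f"ALERT spoofed-loopback {name} xid={xid:#x} on {in_iface}"
        return None                   # genuine local registration
    return f"NOTICE remote {name} from {src_ip} (should be refused)"


def _call(xid, proc):
    # Constructed sample: the six header words only, no credentials or args.
    return struct.pack(">6I", xid, RPC_CALL, RPC_VERS, PMAP_PROG, PMAP_VERS, proc)


# Constructed capture records: (source IP, ingress interface, UDP payload)
SAMPLES = [
    ("127.0.0.1", "lo", _call(1, 1)),      # local service registering itself
    ("127.0.0.1", "eth0", _call(2, 1)),    # loopback source seen on the wire
    ("192.0.2.10", "eth0", _call(3, 2)),   # remote unset attempt
    ("192.0.2.10", "eth0", _call(4, 3)),   # PMAPPROC_GETPORT, not of interest
]


def run_samples():
    return [classify(*s) for s in SAMPLES]


if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

A datagram of the second kind is a martian packet, so ingress filtering that drops loopback-sourced traffic on external interfaces keeps it from reaching the portmapper at all.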

Solution

Apply the relevant patch from the referenced documents for EMC Legato Networker, IBM Informix Dynamic Server, or AIX. If a different application is being used, contact the vendor for a fix.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-11-168/

http://www.nessus.org/u?d2273224

http://www.ibm.com/support/docview.wss?uid=swg1IC76179

http://www.ibm.com/support/docview.wss?uid=swg1IC76177

http://www.ibm.com/support/docview.wss?uid=swg1IC76178

http://aix.software.ibm.com/aix/efixes/security/rpc_advisory.asc

Plugin Details

Severity: Medium

ID: 54586

File Name: rpc_pmap_set_udp_spoofing.nasl

Version: 1.7

Type: remote

Family: RPC

Published: 2011/05/19

Modified: 2018/07/27

Dependencies: 11111, 10223

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:informix, cpe:/a:emc:legato_networker

Required KB Items: Services/udp/rpc-portmapper

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/01/26

Vulnerability Publication Date: 2011/01/26

Reference Information

CVE: CVE-2011-0321, CVE-2011-1210

BID: 46044, 47875