Multiple Vendor RPC portmapper Access Restriction Bypass

medium Nessus Plugin ID 54586


The RPC portmapper on the remote host has an access restriction bypass vulnerability.


The RPC portmapper running on the remote host (possibly included with EMC Legato Networker, IBM Informix Dynamic Server, or AIX) has an access restriction bypass vulnerability.

The service will only process pmap_set and pmap_unset requests that have a source address of ''. Since communication is performed via UDP, the source address can be spoofed, effectively bypassing the verification process. This allows remote, unauthenticated attackers to register and unregister arbitrary RPC services.

A remote attacker could exploit this to cause a denial of service or eavesdrop on process communications.


Apply the relevant patch from the referenced documents for EMC Legato Networker, IBM Informix Dynamic Server, or AIX. If a different application is being used, contact the vendor for a fix.

Plugin Details

Severity: Medium

ID: 54586

File Name: rpc_pmap_set_udp_spoofing.nasl

Version: 1.17

Type: remote

Family: RPC

Published: 5/19/2011

Updated: 10/17/2023

Configuration: Enable thorough checks

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2011-0321

Vulnerability Information

CPE: cpe:/a:ibm:informix, cpe:/a:emc:legato_networker

Required KB Items: Services/udp/rpc-portmapper

Exploit Ease: No known exploits are available

Patch Publication Date: 1/26/2011

Vulnerability Publication Date: 1/26/2011

Reference Information

CVE: CVE-2011-0321, CVE-2011-1210

BID: 46044, 47875