GEN:SID 1:1279
Message RPC portmap snmpXdmi request UDP
Summary This event is generated when an attempt is made through a portmap GETPORT request to discover the port where the Remote Procedure Call (RPC) snmpXdmi is listening.
Impact Information disclosure.  This request is used to discover which port snmpXdmi is using.  Attackers can also learn what versions of the snmpXdmi protocol are accepted by snmpXdmi.
Detailed Information The portmapper service registers all RPC services on UNIX hosts. It can be queried to determine the port where RPC services such as snmpXdmi run.  Simple Network Management Protocol (SNMP) and Desktop Management Interface (DMI) are remote management protocols.  The snmpXdmi RPC service translates between SNMP and DMI allowing, the use of either or both.  There is a buffer overflow when translating DMI to SNMP that allows access with the privilege level of snmpXdmi.
Affected Systems Sun Solaris 2.6, 7.0, and 8.0.
Attack Scenarios An attacker can query the portmapper to discover the port where snmpXdmi runs.  This may be a precursor to accessing snmpXdmi.
Ease of Attack Simple.  
Corrective Action Limit remote access to RPC services.

Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.

Disable unneeded RPC services.
Additional References CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0236

CERT
http://www.cert.org/advisories/CA-2001-05.html

Bugtraq
http://www.securityfocus.com/bid/2417

Rule References bugtraq: 2417
cve: 2001-0236
url: www.cert.org/advisories/CA-2001-05.html