GEN:SID 1:2014
Message RPC portmap UNSET attempt TCP 111
Summary Remote Procedure Call (RPC) is a facility that enables a machine to
request a service from another remote machine. This is done without the
need for detailed network information. Some versions of RPC have a
vulnerability that allows an a remote host to register (and un-register)
applications from a spoofed source.
Impact Possible denial of service (DoS) against the target host. Potential
remote root compromise of the target system.
Detailed Information Certain versions of rpcbind portmapper contain a flaw that could allow
an attacker capable of spoofing TCP packets to set and unset calls to
arbitrary RPC programs.

A denial of service could be instigated against the target machine that
could render network file system services and other such network
available services unavailable to network users.

It is also possible for the attacker to gain super user access depending
on the RPC service he is able to register. This could then lead to a
compromise of all resources on the network the victim is attached to.
Affected Systems All machines running vulnerable RPC services.
Attack Scenarios The attacker could potentially spoof TCP packets for pmap_set to
register an RPC service. The attacker might also spoof TCP packets to
un-register needed services via pmap_unset.
Ease of Attack Simple
Corrective Action RPC services should not be available outside the local area network,
filter RPC ports at the firewall to ensure access is denied to RPC
enabled machines.

RPC services should also be disabled where not needed.
Additional References BugTraq:
http://www.securityfocus.com/bid/1892
Rule References bugtraq: 1892