GEN:SID | 1:1273 |
Message | RPC portmap selection_svc request TCP |
Summary | This event is generated when an attempt is made through a portmap GETPORT request to discover the port where the Remote Procedure Call (RPC) selection_svc is listening.
|
Impact | Information disclosure. This request is used to discover which port selection_svc is using. Attackers can also learn what versions of the selection_svc protocol are accepted by selection_svc.
|
Detailed Information | The portmapper service registers all RPC services on UNIX hosts. It can be queried to determine the port where RPC services such as selection_svc run. The selection_svc RPC service is used by SunView, an old windowing system from Sun. A vulnerability exists in selection_svc that allows a remote user to read files that are readable by SunView.
|
Affected Systems | Sun SunOS 3.5 Sun SunOS 4.0 Sun SunOS 4.0.1 Sun SunOS 4.0.2 Sun SunOS 4.0.3 Sun SunOS 4.1 Sun SunOS 4.1.1
|
Attack Scenarios | An attacker can query the portmapper to discover the port where selection_svc runs. This may be a precursor to accessing selection_svc.
|
Ease of Attack | Simple.
|
Corrective Action | Limit remote access to RPC services.
Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.
Disable unneeded RPC services.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/8
CERT http://www.cert.org/advisories/CA-1990-05.html
Arachnids http://www.whitehats.com/info/IDS25
|
Rule References | arachnids: 25
|