GEN:SID 1:2017
Message RPC portmap espd request UDP
Summary Embedded Support Partner (ESP) is an integral part of the SGI IRIX
operating system to enable remote support for the operating system

A vulnerability exists in the Embedded Support Partner Daemon (ESP) that
could lead to arbitrary commands being executed on a target host.
Impact Remote super user access leading to a compromise of the target machine
along with any network resources that machine is connected to.
Detailed Information The ESP daemon is an RPC (Remote Procedure Call) resource used on SGI
IRIX systems. The ESP daemon runs with the privileges of the root user.
IRIX version 6.5.8 and prior are susceptible to a buffer overflow of the
ESP daemon leading to a remote root compromise of the affected host.
Affected Systems SGI IRIX 6.5.8 and earlier.
Attack Scenarios The attacker would need to craft a packet that would lead to the buffer
overflow. No current exploits are available.
Ease of Attack Difficult
Corrective Action All systems running vulnerable versions of rpc.espd should have the appropriate patch applied.

Additionally, the ESP daemon should be disabled where not needed by
commenting out the appropriate line in inetd.conf. The daemon itself can
be made non-executable by removal of the x bit (chmod -x rpc.espd).

RPC services should not be available outside the local area network,
filter RPC ports at the firewall to ensure access is denied to RPC
enabled machines.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0331

Bugtraq:
http://www.securityfocus.com/bid/2714
Rule References bugtraq: 2714
cve: 2001-0331