Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:586 |
Message | RPC portmap selection_svc request UDP |
Summary | This event is generated when an attempt is made through a portmap GETPORT request to discover the port where the Remote Procedure Call (RPC) selection_svc is listening. |
Impact | Information disclosure. This request is used to discover which port selection_svc is using. Attackers can also learn what versions of the selection_svc protocol are accepted by selection_svc. |
Detailed Information | The portmapper service registers all RPC services on UNIX hosts. It can be queried to determine the port where RPC services such as selection_svc run. The selection_svc RPC service is used by SunView, an old windowing system from Sun. A vulnerability exists in selection_svc that allows a remote user to read files that are readable by SunView. |
Affected Systems | Sun SunOS 3.5 Sun SunOS 4.0 Sun SunOS 4.0.1 Sun SunOS 4.0.2 Sun SunOS 4.0.3 Sun SunOS 4.1 Sun SunOS 4.1.1 |
Attack Scenarios | An attacker can query the portmapper to discover the port where selection_svc runs. This may be a precursor to accessing selection_svc. |
Ease of Attack | Simple. |
Corrective Action | Limit remote access to RPC services. Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines. Disable unneeded RPC services. |
Additional References | Bugtraq http://www.securityfocus.com/bid/8 CERT http://www.cert.org/advisories/CA-1990-05.html Arachnids http://www.whitehats.com/info/IDS25 |
Rule References | arachnids: 25 |
--
DID:823933
--
http://www.aanval.com/