Solaris rpcbind Listening on a Non-Standard Port Vulnerability

Solaris rpcbind Listening on a Non-Standard Port Vulnerability

The rpcbind program that converts RPC program numbers into universal addresses. When a client makes an RPC call to a given program number, it first connects to rpcbind on the target system to determine the address where the RPC request should be sent.Under Solaris 2.x rpcbind not only listens on the TCP / UDP port 111, but it also listens on UDP ports greater than 32770. The exact number is dependent on the OS release and architecture. Thus, packet filtering devices that are configured to block access to rpcbind / portmapper, may be subverted by sending UDP requests to rpcbind listening above port 32770.This vulnerability may allow an unauthorized user to obtain remote RPC information from a remote system even if port 111 is being blocked.