RPC portmapper security risk
Anyone ever heard of this security risk or have any useful links? I've done some research but have limited information.
Anyone ever heard of or dealt with this?
DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
Comments
-
sprkymrk Member Posts: 4,884
Wow, RPC and a vulnerability? No way! :P
Honestly, there are dozens of vulnerabilities with RPC. DNS, Exchange, DCOM, spoofing, buffer overflows, even third party products like Backup Exec - you name the OS or program, if it uses RPC, you can find a flaw.
Sorry I can't help out with your specific query without a little more information. Since it's Pashby I'm talking to, I know you've already tried google.
All things are possible, only believe.
-
Pash Member Posts: 1,600
sprkymrk wrote:
> Wow, RPC and a vulnerability? No way! :P
> Honestly, there are dozens of vulnerabilities with RPC. DNS, Exchange, DCOM, spoofing, buffer overflows, even third party products like Backup Exec - you name the OS or program, if it uses RPC, you can find a flaw.
> Sorry I can't help out with your specific query without a little more information. Since it's Pashby I'm talking to, I know you've already tried google.
I have googled until my fingers hurt.
I understand the vulnerabilities of RPC, but seemingly this is supposed to be regarding the RPC port mapping service, which I thought was for Unix systems only.
Thanks anyway mark!
-
JDMurray Admin Posts: 13,089 Admin
The RPC vulnerabilities with DCOM are rather old (2003) and have been patched for years. Here's a paper on it at SANS and a mention of the exploit on ZDNet.
-
sprkymrk Member Posts: 4,884
JDMurray wrote:
> The RPC vulnerabilities with DCOM are rather old (2003) and have been patched for years. Here a paper on it at SANS and a mention of the exploit on ZDNet.
I was only using that as 1 of many examples about the problems with RPC over the years. Every few months you can count on another one.
Pash, here are a few CVEs that have something to do with RPC for 2007, probably not too helpful, but I don't know exactly what the port mapper vulnerability is.
CVE-2007-5601
CVE-2007-5462
CVE-2007-5326
CVE-2007-4000
CVE-2007-3999
CVE-2007-3509
CVE-2007-2798
CVE-2007-2442
CVE-2007-2228
CVE-2007-1748
CVE-2007-0165
Maybe if you have a little more information - like was this another one of those scans done by so-called "security experts" where you just get a canned list of issues?
-
Pash Member Posts: 1,600
Thanks JD, I'll check those links.
sprkymrk wrote:
> JDMurray wrote:
> > The RPC vulnerabilities with DCOM are rather old (2003) and have been patched for years. Here a paper on it at SANS and a mention of the exploit on ZDNet.
> I was only using that as 1 of many examples about the problems with RPC over the years. Every few months you can count on another one.
> Pash, here are a few CVE's that have something to do with RPC for 2007, probably not too helpful, but I don't know exactly what the port mapper vulnerability is.
> CVE-2007-5601
> CVE-2007-5462
> CVE-2007-5326
> CVE-2007-4000
> CVE-2007-3999
> CVE-2007-3509
> CVE-2007-2798
> CVE-2007-2442
> CVE-2007-2228
> CVE-2007-1748
> CVE-2007-0165
> Maybe if you have a little more information - like was this another one of those scans done by so-called "security experts" where you just get a canned list of issues?
Correct mark, it was from my friends at IBM. Their recommendation is to block TCP & UDP port 111 http://www.auditmypc.com/port/tcp-port-111.asp http://www.auditmypc.com/port/udp-port-111.asp but they say the security risk is low. I have never heard of these vulnerabilities and they only appear on our clients Windows servers. I looked for an RPC port mapping service but there was no service like that running, only the RPC locator service, which didn't have any services dependent on it running. I don't really wanna go blocking ports on critical servers without getting more info.
I'll check those CVEs out.
Thanks again guys!
-
sprkymrk Member Posts: 4,884
> Correct mark it was from my friends at IBM. Their recommendation is to block TCP & UDP port 111
Sounds like they just had to throw that in to justify their latest bill. I would say you can safely ignore it, or else ask them for the DETAILED report on that recommendation and related CVE/KB/CERT Advisory before you do any port blocking.
Another option might be (if you are allowed) to run your own scan using something like the free Microsoft Baseline Security Analyzer and see if anything like that pops up.
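
One way to get more detail before blocking port 111 on a server you administer is to ask the port mapper what is registered with it, the same DUMP request `rpcinfo -p` makes. The sketch below is an added example, not code from anyone in this thread; the function names are hypothetical, the sample reply is constructed, and it assumes a portmapper version 2 listener answering over UDP.

```python
import os
import socket
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP = 100000, 2, 4   # portmapper v2 (RFC 1833)
PROTO = {6: "tcp", 17: "udp"}

def build_dump_call(xid):
    """ONC RPC call for PMAPPROC_DUMP with empty (AUTH_NONE) credentials."""
    # xid, CALL=0, rpcvers=2, prog, vers, proc, cred flavor/len, verf flavor/len
    return struct.pack(">10I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP, 0, 0, 0, 0)

def parse_dump_reply(data, xid):
    """Return [(program, version, protocol, port), ...] registered with the mapper."""
    try:
        rxid, mtype, reply_stat, _flavor, verf_len = struct.unpack_from(">5I", data, 0)
        if rxid != xid or mtype != 1 or reply_stat != 0:
            raise ValueError("not an accepted reply to our call")
        off = 20 + ((verf_len + 3) & ~3)           # skip XDR-padded verifier body
        (accept_stat,) = struct.unpack_from(">I", data, off)
        if accept_stat != 0:
            raise ValueError("call rejected, accept_stat=%d" % accept_stat)
        off += 4
        entries = []
        while struct.unpack_from(">I", data, off)[0]:   # "another entry follows" flag
            prog, vers, prot, port = struct.unpack_from(">4I", data, off + 4)
            entries.append((prog, vers, PROTO.get(prot, str(prot)), port))
            off += 20
        return entries
    except struct.error as exc:
        raise ValueError("truncated reply") from exc

def query_portmapper(host, timeout=3.0):
    """Send one DUMP call to host:111/udp and return the parsed registrations."""
    xid = int.from_bytes(os.urandom(4), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_dump_call(xid), (host, 111))
        data, _ = s.recvfrom(65535)
    return parse_dump_reply(data, xid)

def sample_reply(xid):
    """Constructed reply (not captured from a real host): portmapper plus NFS."""
    maps = [(100000, 2, 6, 111), (100000, 2, 17, 111), (100003, 3, 6, 2049)]
    body = b"".join(struct.pack(">5I", 1, *m) for m in maps) + struct.pack(">I", 0)
    return struct.pack(">6I", xid, 1, 0, 0, 0, 0) + body   # accepted, SUCCESS

if __name__ == "__main__":
    for prog, vers, proto, port in parse_dump_reply(sample_reply(7), 7):
        print(prog, vers, proto, port)
```

The program numbers in the result identify which product registered the listener (100000 is the port mapper itself, 100003 is NFS), which is the detail to request from whoever ran the scan.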