COMMAND

    portmap(8)

SYSTEMS AFFECTED

    SunOS (all?), and other vendor plataforms that use the portmapper.

PROBLEM

    There is  a security  problem with  most RPC  portmapper where any
    user can delete  services. This is  done by connecting  to the RPC
    portmapper and simply requesting the service to be deleted.  Under
    SunOS 4.1 and  greater this must  be done from  the localhost, but
    on SunOS 4.0.3  or less, and  on other vendor  plataforms that use
    the portmapper, this can be  done remotely! The problems this  can
    cause  range  from  deleting  services  such as rusersd and rstatd
    (fairly harmless)  to effectively  disabling NIS  or NFS services.
    Under SunOS 4.1 a  console warning/error message is  generated and
    the request denied  if the attack  is remote but  on other systems
    the attack is clean  (meaning the are no  trace logs  of  messages
    to later trace!).