NIS : bootparamd service

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.10031

Category: NIS

Title: bootparamd service

Summary: NOSUMMARY

Description: Description:

The bootparamd RPC service is running.
It is used by diskless clients to get
the necessary information needed to
boot properly.

If an attacker uses the BOOTPARAMPROC_WHOAMI
and provides the correct address of the client,
then he will get its NIS domain back from
the server. Once the attacker discovers the NIS domain
name, it may easily get your NIS password
file.

Solution : filter incoming traffic to prevent connections
to the portmapper and to the bootparam daemon,
or deactivate this service if you do not use it.

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-1999-0647

Copyright This script is Copyright (C) 1999 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.10031
Category:	NIS
Title:	bootparamd service
Summary:	NOSUMMARY
Description:	Description: The bootparamd RPC service is running. It is used by diskless clients to get the necessary information needed to boot properly. If an attacker uses the BOOTPARAMPROC_WHOAMI and provides the correct address of the client, then he will get its NIS domain back from the server. Once the attacker discovers the NIS domain name, it may easily get your NIS password file. Solution : filter incoming traffic to prevent connections to the portmapper and to the bootparam daemon, or deactivate this service if you do not use it. Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-1999-0647
Copyright	This script is Copyright (C) 1999 Renaud Deraison