PORTMAPPER: Call It Proc
This protocol anomaly triggers when the portmapper RPC service CALLIT procedure is detected. This procedure is an alternate way of invoking a remote procedure call to a service without directly communicating with the service. The Callit procedure can be dangerous, for example, when a client calls another service through Callit, the portmapper host server considers the remote request like a local one. This may not be a problem if the Callit procedure is properly configured. However, on poorly configured system, an attacker might be able to use it to access control checks, find servers offering vulnerable RPC services, and register or un-register services,
Extended Description
Successful exploitation of the vulnerability could allow a remote attacker to gain access to a server without authentication. An attacker could then further penetrate the system.
References
CVE: CVE-1999-0168
Short Name
PORTMAPPER:INFO:CALLIT-PROC
Severity
Info
Recommended
False
Recommended Action
None
Category
PORTMAPPER
Keywords
CVE-1999-0168 callit portmapper rpc
Release Date
02/19/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
False Positive
Unknown
CVSS Score
7.5