Saturday, 2 February 2013

On Solaris, a number of RPC vulnerabilities are identified:


. Information found on port unknown (32776/udp)
The sprayd RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.
Risk factor : Low
CVE : CAN-1999-0613
. Vulnerability found on port unknown (32773/udp) :
The sadmin RPC service is running.
There is a bug in Solaris versions of
this service that allow an intruder to
execute arbitrary commands on your system.
Solution : disable this service
Risk factor : High
. Information found on port unknown (32775/udp)
The rusersd RPC service is running.
It provides an attacker interesting
informations such as how often the
system is being used, the names of
the users, and so on.
It usually not a good idea to let this
service open.
Risk factor : Low
CVE : CVE-1999-0626

The sadmin service is of particular interest, as it is identified as a
Solaris bug leading to a remote exploit. The full Nessus results are given
as a separate handout.
