Junos OS

Hello,

I am having an issue with a security vulnerability scanner that is reporting a "RPC Portmapper Information" vulnerability (CVE-1999-0632) with the results listed below.

The result section shows the information received by making an RPC call to the portmapper on the target host. It shows the list of all registered RPC

programs.

SOLUTION:

Check to be sure that the information reported adheres to your security policy.

RESULT:

RPC detected on UDP port 68.

RPC detected on UDP port 514.

RPC detected on UDP port 1701.

RPC detected on UDP port 443.

RPC detected on UDP port 80.

RPC detected on UDP port 161.

RPC detected on UDP port 123.

RPC detected on UDP port 67.

I know that this does not mean that these ports are open and responding to probes. After quite a bit of research, I think I understand how this RPC service is probed and how the response is crafted. But there is not a lot of information on this CVE as it relates to Juniper MX routers. I have found some items regarding the SRX, but that has not helped me. Has anyone else dealt with this and know how to keep this from responding. I have created filter rules for all of the above and port 111 and applied to the public facing interface and the loopback interface, but that has not helped either.

Any help is appreciated.

Thanks

Matt

Hi Matt,

can you please share the filter configuration and how you applied it?

Good examples for such filters can be found at https://www.juniper.net/documentation/en_US/day-one-books/Securing_RouteEngine_v2.pdf

Regards

Ulf

Hello,

I am having an issue with a security vulnerability scanner that is reporting a "RPC Portmapper Information" vulnerability (CVE-1999-0632) with the results listed below.

The result section shows the information received by making an RPC call to the portmapper on the target host. It shows the list of all registered RPC

programs.

SOLUTION:

Check to be sure that the information reported adheres to your security policy.

RESULT:

RPC detected on UDP port 68.

RPC detected on UDP port 514.

RPC detected on UDP port 1701.

RPC detected on UDP port 443.

RPC detected on UDP port 80.

RPC detected on UDP port 161.

RPC detected on UDP port 123.

RPC detected on UDP port 67.

I know that this does not mean that these ports are open and responding to probes. After quite a bit of research, I think I understand how this RPC service is probed and how the response is crafted. But there is not a lot of information on this CVE as it relates to Juniper MX routers. I have found some items regarding the SRX, but that has not helped me. Has anyone else dealt with this and know how to keep this from responding. I have created filter rules for all of the above and port 111 and applied to the public facing interface and the loopback interface, but that has not helped either.

Any help is appreciated.

Thanks

Matt

Sure. Here you go.

The interface xe-0/1/3.25 is the interface that is being scanned.

Hi Matt,

can you please share the filter configuration and how you applied it?

Good examples for such filters can be found at https://www.juniper.net/documentation/en_US/day-one-books/Securing_RouteEngine_v2.pdf

Regards

Ulf

Hello,

I am having an issue with a security vulnerability scanner that is reporting a "RPC Portmapper Information" vulnerability (CVE-1999-0632) with the results listed below.

The result section shows the information received by making an RPC call to the portmapper on the target host. It shows the list of all registered RPC

programs.

SOLUTION:

Check to be sure that the information reported adheres to your security policy.

RESULT:

RPC detected on UDP port 68.

RPC detected on UDP port 514.

RPC detected on UDP port 1701.

RPC detected on UDP port 443.

RPC detected on UDP port 80.

RPC detected on UDP port 161.

RPC detected on UDP port 123.

RPC detected on UDP port 67.

I know that this does not mean that these ports are open and responding to probes. After quite a bit of research, I think I understand how this RPC service is probed and how the response is crafted. But there is not a lot of information on this CVE as it relates to Juniper MX routers. I have found some items regarding the SRX, but that has not helped me. Has anyone else dealt with this and know how to keep this from responding. I have created filter rules for all of the above and port 111 and applied to the public facing interface and the loopback interface, but that has not helped either.

Any help is appreciated.

Thanks

Matt