[ https://issues.apache.org/jira/browse/CLOUDSTACK-10378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marco Sinhoreli updated CLOUDSTACK-10378:
-----------------------------------------
Affects Version/s: 4.11.1.0, 4.11.1.1
> udp port 111 (rpcbind) is exposed in the public interface on SSVM
> -----------------------------------------------------------------
>
> Key: CLOUDSTACK-10378
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10378
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: SystemVM
> Affects Versions: 4.11.0.0, 4.11.1.1, 4.11.1.0
> Reporter: Marco Sinhoreli
> Priority: Critical
>
> The secondary storage VM is exposing the NFS rpcbind udp port (111) to the
> internet on the public network interface. It can cause security risks.
> With the RPC/portmap udp port 111 service exposed to the internet, everybody
> can query this information without having to authenticate. It can be useful to
> attackers to know what you have running. Also, the RPC service has a history
> of security vulnerabilities.
> The recommendation is to update the iptables rules on the system VM template
> to block the 111 udp port.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
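
One way to verify the recommendation in the report above, as an added example (not part of the JIRA message or CloudStack's own code): a shell function that reads `iptables-save` output and reports what the INPUT chain does with a new UDP packet to port 111 on a given interface. The function name, the interface names (eth2 as the public interface, eth1 as a private one) and the sample rulesets are constructed assumptions.

```shell
# Report what an iptables-save ruleset (stdin) does with a new UDP packet to
# port 111 arriving on interface $1: first matching INPUT rule, else policy.
# Not evaluated: address matches, negation (!), multiport, user-defined chains.
rpcbind_udp_verdict() {
    awk -v ifc="$1" '
        /^\*/ { in_filter = ($1 == "*filter"); next }
        !in_filter { next }
        /^:INPUT / { policy = $2; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            iface = ""; proto = ""; dport = ""; state = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (iface != "" && iface != ifc) next
            if (proto != "" && proto != "udp" && proto != "all") next
            if (dport != "") {
                n = split(dport, r, ":")          # single port or lo:hi range
                lo = r[1]; hi = (n > 1) ? r[2] : r[1]
                if (111 < lo + 0 || 111 > hi + 0) next
            }
            # Conntrack rules without NEW never match an unsolicited packet.
            if (state != "" && state !~ /NEW/) next
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
                print target; found = 1; exit
            }
        }
        END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }
    '
}

# Constructed rulesets; eth2 as the public interface is an assumption.
SAMPLE_EXPOSED='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
COMMIT'
SAMPLE_BLOCKED='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -p udp -m udp --dport 111 -j DROP
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
COMMIT'

printf 'exposed ruleset, eth2: %s\n' "$(printf '%s\n' "$SAMPLE_EXPOSED" | rpcbind_udp_verdict eth2)"
```

On a live system VM the same function can be fed directly, e.g. `iptables-save | rpcbind_udp_verdict eth2`; any result other than DROP or REJECT on the public interface means the port is still reachable there.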