CVE-1999-0461 in Linux
Summary
by MITRE
Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/18/2026
The vulnerability described in CVE-1999-0461 affects rpcbind implementations across multiple operating systems including Linux, IRIX, and Wietse Venema's rpcbind implementation. This represents a significant security flaw in the Remote Procedure Call (RPC) binding service that manages RPC port mappings and service discovery. The rpcbind service operates as a daemon that maintains mappings between RPC program numbers and network addresses, enabling clients to locate and communicate with RPC servers. When properly configured, rpcbind serves as a critical component in distributed computing environments where services need to dynamically register and discover available RPC endpoints.
The technical flaw stems from insufficient authentication mechanisms within the rpcbind service implementation. Specifically, the service accepts modification requests for port mappings without validating the authenticity of the source address. This allows a remote attacker to spoof their network address and inject malicious entries into the rpcbind registry or delete legitimate entries. The vulnerability operates at the network protocol level where rpcbind communicates using UDP and TCP protocols on well-known ports. The service typically listens on port 111 for RPC port mapping requests, and the lack of proper source address verification creates an attack vector where malicious actors can manipulate the service's internal database of registered RPC services.
The operational impact of this vulnerability is substantial as it enables attackers to perform service disruption and potentially gain unauthorized access to RPC-based services. An attacker could insert fake port mappings that redirect RPC traffic to malicious endpoints, effectively performing a man-in-the-middle attack against RPC clients. Additionally, the ability to delete legitimate entries can cause service availability issues by removing valid port mappings that legitimate clients depend upon. This vulnerability particularly affects environments where RPC services are extensively used such as NFS file sharing, NIS (Network Information Service) domains, and other distributed computing systems that rely on dynamic service registration. The attack can be executed from any network location that can reach the rpcbind service, making it particularly dangerous in network environments where the service is exposed to untrusted networks.
Mitigation strategies for this vulnerability should focus on implementing proper access controls and network segmentation. The most effective approach involves restricting rpcbind service access to trusted networks through firewall rules and access control lists that limit which hosts can send modification requests to the service. Network administrators should ensure that rpcbind is not exposed to untrusted networks and that only authorized systems can modify the service registry. Additionally, implementing proper authentication mechanisms for rpcbind modification requests would address the core flaw by requiring legitimate credentials before allowing changes to port mappings. System administrators should also consider implementing intrusion detection systems that monitor for unusual rpcbind modification activities. The vulnerability aligns with CWE-284 Access Control Issues, specifically related to insufficient access control for critical system services. From an ATT&CK framework perspective, this vulnerability maps to T1071.004 Application Layer Protocol: DNS and potentially T1566 Impersonation, as attackers can spoof addresses to gain unauthorized access to service registration mechanisms. Regular security audits of rpcbind configurations and monitoring of service registry changes should be implemented to detect potential exploitation attempts.