vCenter Appliance shows rpcbind process listening on UDP ports in privileged range

Article ID: 315356

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Security scans may report that the vCenter has an open UDP port in the privileged range (1-1024) other than UDP 111.
  • The netstat command shows that rpcbind is listening on the port.
    netstat -anp | grep rpcbind
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      9814/rpcbind    
    tcp6       0      0 :::111                  :::*                    LISTEN      9814/rpcbind    
    udp        0      0 0.0.0.0:111             0.0.0.0:*                           9814/rpcbind    
    udp        0      0 0.0.0.0:659             0.0.0.0:*                           9814/rpcbind    
    udp6       0      0 :::111                  :::*                                9814/rpcbind    
    udp6       0      0 :::659                  :::*                                9814/rpcbind    
    unix  2      [ ACC ]     STREAM     LISTENING     16604    1/systemd           /var/run/rpcbind.sock
    Note: The output above is an example. The UDP port is randomized and will likely be different in your vCenter Appliance.


Environment

VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.5.x

Cause

In some versions of rpcbind, the service uses a randomly chosen UDP port for remote call functionality in addition to the normal port 111.
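
To triage a scanner finding against this behavior, the following added example (not VMware code) parses `netstat -anp` output and lists the privileged UDP ports, other than 111, that belong to the rpcbind process. The function names are hypothetical and the sample input is constructed from the output shown in this article, with one unrelated ntpd line added for contrast.

```bash
#!/usr/bin/env bash
# Added example: function names are hypothetical, not part of vCenter or rpcbind.

# Constructed sample, modelled on the netstat output shown in this article.
# The ntpd line is invented to show that other services are not matched.
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      9814/rpcbind
tcp6       0      0 :::111                  :::*                    LISTEN      9814/rpcbind
udp        0      0 0.0.0.0:111             0.0.0.0:*                           9814/rpcbind
udp        0      0 0.0.0.0:659             0.0.0.0:*                           9814/rpcbind
udp6       0      0 :::111                  :::*                                9814/rpcbind
udp6       0      0 :::659                  :::*                                9814/rpcbind
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1201/ntpd
unix  2      [ ACC ]     STREAM     LISTENING     16604    1/systemd           /var/run/rpcbind.sock
EOF
}

# Reads `netstat -anp` output on stdin and prints each privileged UDP port
# (1-1024, excluding 111) owned by the rpcbind process, one per line.
rpcbind_extra_udp_ports() {
  awk '
    $1 ~ /^udp6?$/ && $NF ~ /^[0-9]+\/rpcbind$/ {
      n = split($4, part, ":")   # last piece is the port for IPv4 and IPv6
      port = part[n] + 0
      if (port != 111 && port >= 1 && port <= 1024) seen[port] = 1
    }
    END { for (p in seen) print p }
  ' | sort -n
}

# Returns 0 if the scanner-reported UDP port ($1) is one of rpcbind's extra
# ports in the netstat output supplied on stdin, non-zero otherwise.
is_rpcbind_port() {
  rpcbind_extra_udp_ports | grep -qx "$1"
}

# On the appliance: netstat -anp | rpcbind_extra_udp_ports
sample_netstat | rpcbind_extra_udp_ports
```

A port reported by the scanner that this check does not attribute to rpcbind belongs to a different process and is not explained by this article.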

Resolution

This is a known issue. VMware is working on it and will be addressing it in an upcoming release of vCenter Server.

It is only apparent in vCenter Server Appliance versions 6.5 and 6.7. It does not affect vCenter Server 7.0.

Additional Information

It's possible that other solutions using PhotonOS 1.0 or 2.0 might also see this behavior.