LiveActive security incident?Get immediate response
CVE Record

CVE-1999-0625: The rpc.rquotad service is running.

The rpc.rquotad service is running.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

This entry flags that the rpc.rquotad service is running on a system. Rquotad is a legacy Unix service that reports disk quota information over the network. Its presence is treated as an information disclosure and attack-surface concern rather than a specific software flaw. The public record contains only a brief description and no vendor, version, patch, or exploit details.

Executive priority

Low priority for most modern environments. Address opportunistically as part of legacy Unix and NFS hardening, not as an emergency. Elevate only if legacy servers running RPC services are exposed to untrusted networks or are in scope for compliance reviews that flag unnecessary services.

Technical view

CVE-1999-0625 documents the mere fact that rpc.rquotad, an RPC-based quota reporting daemon typically bound through portmapper, is exposed on a host. The CVE record lists no CVSS score, no CWE mapping, and no affected vendor or product. It reflects a hardening/exposure finding rather than a discrete code vulnerability, and no fix or workaround is enumerated in the source bundle.

Likely exposure

Applies to legacy Unix and Linux systems that still run rpc.rquotad, generally alongside NFS with disk quotas enabled. Exposure is highest where portmapper (port 111) and RPC services are reachable from untrusted networks. Modern, hardened environments rarely expose this service externally, so most current enterprise footprints are unaffected unless legacy NFS servers remain in scope.

Exploitation context

Not listed in CISA KEV and no cited source in the bundle indicates active exploitation. The entry itself describes service presence, not a specific exploit primitive. Historically, related rquotad implementations have had separate, individually tracked buffer overflow CVEs, but those are out of scope here. Treat this record as an exposure signal that may aid reconnaissance rather than a directly weaponizable flaw.

Researcher notes

This CVE is a configuration/exposure record with no CVSS, CWE, vendor, or version data in the source bundle. It should not be conflated with specific rquotad code vulnerabilities (which carry their own CVE IDs). Evidence is minimal, so any risk framing depends on environmental context: reachability of RPC services, presence of NFS quotas, and whether the host is a legacy system still in production.

Mitigation direction

  • Disable rpc.rquotad on hosts that do not require NFS quota reporting.
  • Restrict portmapper and RPC ports to trusted management networks via firewall or host ACLs.
  • Consult current OS and NFS vendor guidance before changing quota-reporting configuration.
  • Inventory legacy Unix and NFS servers to confirm which still expose RPC services.
  • Monitor RPC and portmapper traffic for unexpected external queries.

Validation and detection

  • Query portmapper on suspect hosts to confirm whether rquotad is registered.
  • Review NFS server configuration and init scripts for enabled rquotad daemons.
  • Check network scan results and asset inventory for exposed RPC endpoints.
  • Correlate findings with vendor documentation for the specific Unix or Linux distribution in use.
Prepared
Confidence
medium
Sources
2

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-1999-0625 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.