OSX remote root *more info*

[dotslash () snosoft com]

did a little more research ... it appears nidump makes a query to 
portmap to look for netinfobind if either of these are not listening
the use of a remote tag with nidump or nireport may fail. A vulnerable 
machine should have the following open.
    program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    200100001    1   udp    796  netinfobind
    200100001    1   tcp    799  netinfobind

-KF