Network Security Open Port Question - Port 53213

Hello,

When I used the Port Scanner in Network Utility, I noticed there were 3 open TCP ports: Port 1110, which had nfs-status as its usage, Port 1538, which linked to 3ds-lm, and Port 53213 which didn't have any identified usage listed, which I found to be suspicious.

When I used the netstat -a command in terminal, I saw the following as it related to Port 53213:

Proto Recv-Q Send-Q Local Address Foreign Address (state)

tcp4 0 0 localhost.53213 localhost.57089 CLOSE_WAIT

tcp4 0 0 localhost.57089 localhost.53213 FIN_WAIT_2

and:

tcp4 0 0 localhost.53213 localhost.49875 ESTABLISHED

tcp4 0 0 localhost.49875 localhost.53213 ESTABLISHED

tcp4 0 0 localhost.53213 *.* LISTEN

When I googled Port 53213, I noticed it was associated with a something called Xsan Filesystem Access. I read Xsan may be associated with vulnerabilities. Specifically, I read:

The Problem
There is a buffer overflow vulnerability in the Xsan filesystem driver that may affect systems directly attached to Xsan. An authenticated user with write access to the filesystem may exploit this vulnerability by creating a file with a specially crafted path name.

Impact

A local, authenticated attacker may be able to execute arbitrary code with system privileges, or create a denial-of-service condition.

Does anyone know what these ports are generally associated with? Does anything seem suspicious? What does the foreign address *-* that the open Port 53213 is communicating with mean?

Thank you for your help

MacBook Pro (Retina, 15-inch, Late 2013), OS X Yosemite (10.10.4), null

Posted on Sep 12, 2017 8:22 PM