ALT-PU-2018-2163-1
Closed vulnerabilities
Published: 2017-05-03
BDU:2021-05819
Уязвимость сервера динамического назначения RPC-портов RPCbind, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-05-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-8779
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://openwall.com/lists/oss-security/2017/05/03/12
- http://openwall.com/lists/oss-security/2017/05/03/12
- http://openwall.com/lists/oss-security/2017/05/04/1
- http://openwall.com/lists/oss-security/2017/05/04/1
- DSA-3845
- DSA-3845
- 98325
- 98325
- 1038532
- 1038532
- RHBA-2017:1497
- RHBA-2017:1497
- RHSA-2017:1262
- RHSA-2017:1262
- RHSA-2017:1263
- RHSA-2017:1263
- RHSA-2017:1267
- RHSA-2017:1267
- RHSA-2017:1268
- RHSA-2017:1268
- RHSA-2017:1395
- RHSA-2017:1395
- https://github.com/drbothen/GO-RPCBOMB
- https://github.com/drbothen/GO-RPCBOMB
- https://github.com/guidovranken/rpcbomb/
- https://github.com/guidovranken/rpcbomb/
- https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
- https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
- GLSA-201706-07
- GLSA-201706-07
- https://security.netapp.com/advisory/ntap-20180109-0001/
- https://security.netapp.com/advisory/ntap-20180109-0001/
- USN-3759-1
- USN-3759-1
- USN-3759-2
- USN-3759-2
- 41974
- 41974