CVE-2017-8779
published 2017-05-04CVE-2017-8779: rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory…
PriorityP268high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
81.92%
99.6th percentile
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtirpc | < libtirpc 0.2.5-1.2 (bookworm) | libtirpc 0.2.5-1.2 (bookworm) |
| debian | ntirpc | < libtirpc 0.2.5-1.2 (bookworm) | libtirpc 0.2.5-1.2 (bookworm) |
| debian | rpcbind | < libtirpc 0.2.5-1.2 (bookworm) | libtirpc 0.2.5-1.2 (bookworm) |
| gnu | glibc | — | — |
| libtirpc_project | libtirpc | <= 1.0.1 | — |
| libtirpc_project | libtirpc | >= 0 < 0.2.5-1.2 | 0.2.5-1.2 |
| libtirpc_project | libtirpc | >= 0 < 0.2.5-1.2 | 0.2.5-1.2 |
| libtirpc_project | libtirpc | >= 0 < 0.2.5-1.2 | 0.2.5-1.2 |
| libtirpc_project | libtirpc | >= 0 < 0.2.5-1.2 | 0.2.5-1.2 |
| libtirpc_project | libtirpc | >= 0 < 0.2.2-5ubuntu2.1 | 0.2.2-5ubuntu2.1 |
| libtirpc_project | libtirpc | >= 0 < 0.2.5-1ubuntu0.1 | 0.2.5-1ubuntu0.1 |
| libtirpc_project | libtirpc | >= 0 < 0.2.5-1.2ubuntu0.1 | 0.2.5-1.2ubuntu0.1 |
| ntirpc_project | ntirpc | <= 1.4.3 | — |
| ntirpc_project | ntirpc | >= 0 < 1.4.4-1 | 1.4.4-1 |
| ntirpc_project | ntirpc | >= 0 < 1.4.4-1 | 1.4.4-1 |
| ntirpc_project | ntirpc | >= 0 < 1.4.4-1 | 1.4.4-1 |
| ntirpc_project | ntirpc | >= 0 < 1.4.4-1 | 1.4.4-1 |
| rpcbind_project | rpcbind | <= 0.2.4 | — |
| rpcbind_project | rpcbind | >= 0 < 0.2.3-0.6 | 0.2.3-0.6 |
| rpcbind_project | rpcbind | >= 0 < 0.2.3-0.6 | 0.2.3-0.6 |
| rpcbind_project | rpcbind | >= 0 < 0.2.3-0.6 | 0.2.3-0.6 |
| rpcbind_project | rpcbind | >= 0 < 0.2.3-0.6 | 0.2.3-0.6 |
Detection & IOCsextracted from sources · hover to see the quote
urlhttps://raw.githubusercontent.com/guidovranken/rpcbomb/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb↗
commandpkt = [0].pack('N') # xid
pkt << [0].pack('N') # message type CALL
pkt << [2].pack('N') # RPC version 2
pkt << [100000].pack('N') # Program
pkt << [4].pack('N') # Program version
pkt << [9].pack('N') # Procedure
pkt << [0].pack('N') # Credentials AUTH_NULL
pkt << [0].pack('N') # Credentials length 0
pkt << [0].pack('N') # Credentials AUTH_NULL
pkt << [0].pack('N') # Credentials length 0
pkt << [0].pack('N') # Program: 0
pkt << [0].pack('N') # Ver
pkt << [4].pack('N') # Proc
pkt << [4].pack('N') # Argument length
pkt << [numBytes].pack('N') # Payload↗
- →Monitor for large UDP packets sent to port 111 (rpcbind/portmapper); the exploit sends a crafted RPC CALL packet with an oversized XDR string length field (numBytes) as the payload to trigger unbounded memory allocation. ↗
- →Inspect RPC CALL packets (message type 0x00000000) targeting program 100000 (portmapper), version 4, procedure 9 over UDP/111; a large 4-byte argument in the payload field is the trigger for excessive memory allocation. ↗
- →Alert on rpcbind process exhibiting rapid virtual memory growth or OOM conditions following receipt of UDP traffic on port 111, consistent with never-freed XDR string allocations. ↗
- →The Metasploit auxiliary module path auxiliary/dos/rpc/rpcbomb can be used to test exposure; detect its use in penetration testing or adversarial activity. ↗
- ·Systems using memory overcommit (the default on many Linux distributions) are especially vulnerable because the OS will grant the allocation without immediately consuming physical memory, making the DoS harder to detect until OOM is triggered. ↗
- ·All three affected RPC libraries (rpcbind ≤0.2.4, LIBTIRPC ≤1.0.1 and 1.0.2-rc through 1.0.2-rc3, NTIRPC ≤1.4.3) share the same root cause — none enforce a maximum RPC data size during XDR string memory allocation — so detection and patching must cover all three. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu5.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
rpcbind vulnerability
vendor_ubuntu·2021-06-09
CVE-2017-8779 rpcbind vulnerability
Title: rpcbind vulnerability
Summary: rpcbind could be made to consume resources and crash if it received
specially crafted network traffic.
USN-4986-1 fixed a vulnerability in rpcbind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that rpcbind incorrectly handled certain large data
sizes. A remote attacker could use this issue to cause rpcbind to consume
resources, leading to a denial of service.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Ubuntu
rpcbind vulnerability
vendor_ubuntu·2021-06-09
CVE-2017-8779 rpcbind vulnerability
Title: rpcbind vulnerability
Summary: rpcbind could be made to consume resources and crash if it received
specially crafted network traffic.
It was discovered that rpcbind incorrectly handled certain large data
sizes. A remote attacker could use this issue to cause rpcbind to consume
resources, leading to a denial of service.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Ubuntu
libtirpc vulnerabilities
vendor_ubuntu·2018-09-05·CVSS 5.9
CVE-2016-4429 [MEDIUM] libtirpc vulnerabilities
Title: libtirpc vulnerabilities
Summary: Several security issues were fixed in libtirpc.
Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4429)
It was discovered that libtirpc incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14622)
It was discovered that libtirpc incorrectly handled certain strings.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2017-8779)
Instructions: After a standard system update you need to reboot your computer to make
all the necess
Ubuntu
libtirpc vulnerabilities
vendor_ubuntu·2018-09-05·CVSS 5.9
CVE-2016-4429 [MEDIUM] libtirpc vulnerabilities
Title: libtirpc vulnerabilities
Summary: Several security issues were fixed in libtirpc.
USN-3759-1 fixed a vulnerability in libtirpc. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-4429)
It was discovered that libtirpc incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14622)
It was discovered that libtirpc incorrectly handled certain strings.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-8779)
Instructions: After a standard system update you need to reboot your computer to make
Red Hat
glibc: memory leak in sunrpc when decoding malformed XDR
vendor_redhat·2017-05-08·CVSS 7.5
CVE-2017-8804 [HIGH] CWE-400 glibc: memory leak in sunrpc when decoding malformed XDR
glibc: memory leak in sunrpc when decoding malformed XDR
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references
Package: compat-glibc (Red Hat Enterprise Linux 5) - Will not fix
Package: glibc (Red Hat Enterprise Linux 5) - Will not fix
Package: compat-glibc (Red Hat Enterprise Linux 6) - Will not fix
Package: glibc (Red Hat Enterprise Linux 6) - Will not fix
Package: compat-glibc (Red Hat Enterprise Linux 7) - Will not fix
Package: gli
Red Hat
libntirpc: Memory leak when failing to parse XDR strings or bytearrays
vendor_redhat·2017-05-03·CVSS 7.5
CVE-2017-8779 [HIGH] CWE-400 libntirpc: Memory leak when failing to parse XDR strings or bytearrays
libntirpc: Memory leak when failing to parse XDR strings or bytearrays
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
Statement: In the default system configuration, with the sysctl variable vm.overcomm
Debian
CVE-2017-8779: libtirpc - rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, an...
vendor_debian·2017·CVSS 7.5
CVE-2017-8779 [HIGH] CVE-2017-8779: libtirpc - rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, an...
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Scope: local
bookworm: resolved (fixed in 0.2.5-1.2)
bullseye: resolved (fixed in 0.2.5-1.2)
forky: resolved (fixed in 0.2.5-1.2)
sid: resolved (fixed in 0.2.5-1.2)
trixie: resolved (fixed in 0.2.5-1.2)
GHSA
GHSA-fr7x-wc8q-h255: rpcbind through 0
ghsa_unreviewed·2022-05-13
CVE-2017-8779 [HIGH] CWE-770 GHSA-fr7x-wc8q-h255: rpcbind through 0
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
GHSA
GHSA-pgff-5mf5-cw73: ** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2017-8804 [HIGH] CWE-502 GHSA-pgff-5mf5-cw73: ** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2
** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references]
OSV
libtirpc vulnerabilities
osv·2018-09-05·CVSS 5.9
CVE-2016-4429 [MEDIUM] libtirpc vulnerabilities
libtirpc vulnerabilities
Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4429)
It was discovered that libtirpc incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14622)
It was discovered that libtirpc incorrectly handled certain strings.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2017-8779)
OSV
CVE-2017-8779: rpcbind through 0
osv·2017-05-04·CVSS 7.5
CVE-2017-8779 [HIGH] CVE-2017-8779: rpcbind through 0
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
No detection rules found.
Exploit-DB
RPCBind / libtirpc - Denial of Service
exploitdb·2017-05-08
CVE-2017-8779 RPCBind / libtirpc - Denial of Service
RPCBind / libtirpc - Denial of Service
---
#!/usr/bin/ruby
#
# Source: https://raw.githubusercontent.com/guidovranken/rpcbomb/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb
#
# By Guido Vranken https://guidovranken.wordpress.com/
# Thanks to Sean Verity for writing an exploit in Ruby for an earlier
# vulnerability: https://www.exploit-db.com/exploits/26887/
# I've used it as a template.
require 'socket'
def usage
abort "\nusage: ./rpcbomb.rb [port]\n\n"
end
bomb = """
` + # ,
: @ @ @ @ @ @
@ @ ; . + @ @ @ . @ @
@ @ @ @ @ ` @ @
. ` @ #
; @ @ @ . : @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ ;
@ @ @ @ @ @ @ @ @ @ @ @ @ `
@ @ @ @ @ @ @ @ @ @ @ @ @ @ :
# @ @ @ @ @ @ @ @ @ @ @ @ @ '
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @
. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
+ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
+ @ @ @ @ @ @ @ @ @ @ @ @
Metasploit
RPC DoS targeting *nix rpcbind/libtirpc
metasploit
RPC DoS targeting *nix rpcbind/libtirpc
RPC DoS targeting *nix rpcbind/libtirpc
This module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and NTIRPC, allowing an attacker to trigger large (and never freed) memory allocations for XDR strings on the target.
HackerOne
CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS
hackerone·2020-02-12·CVSS 7.5
CVE-2017-8779 [HIGH] CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS
CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS
## Summary:
An open rpcbind port on https://da.theendlessweb.com allows for possible exploitation by an existing Metasploit module. This could lead to large and unfreed memory allocations for XDR strings.
## Description:
Port scanning on 149.56.38.19 which is the IP of https://da.theendlessweb.com shows open port 111 which runs 'rpcbind'. By using the auxiliary module auxiliary/dos/rpc/rpcbomb in Metasploit, it is possible to exploit the port and cause large memory allocations for XDR strings. Excessive memory allocations could exhaust the systems memory leading to a Denial of Service.
As can be seen in the following screenshot:
(please note that I did not expect the module to work therefore I continued the test, I am a
HackerOne
rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804
hackerone·2019-10-14·CVSS 7.5
CVE-2017-8779 [HIGH] rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804
rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804
Description: this allowed an attacker to easily disrupt a remote system through excessive memory consumption.
Writeup: https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Demonstration video: https://www.youtube.com/watch?v=b38H3oEgrQw (this video shows that the attack doesn't necessarily just crashes the rpcbind process, but that the entire system can slow down severely because it has to resort to swap memory, even if overcommit is enabled. This implies scope=changed in the CVSS. But I filled out unchanged to be consistent with the official assessment)
CVSS score: https://nvd.nist.gov/vuln/detail/CVE-2017-8779
rpcbind/libtirpc: CVE-2017-8779 http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commi
Bugzilla
CVE-2017-8804 glibc: memory leak in sunrpc when decoding malformed XDR
bugzilla·2017-05-08·CVSS 7.5
CVE-2017-8804 [HIGH] CVE-2017-8804 glibc: memory leak in sunrpc when decoding malformed XDR
CVE-2017-8804 glibc: memory leak in sunrpc when decoding malformed XDR
A crafted XDR message containing a string or bytes entity with a particularly large size but no content could cause xdr_opaque to leak virtual memory. Since the memory is never accessed, physical pages are not mapped (unless sysctl vm.overcommit_memory=2 is in effect). This was discovered in the wake of CVE-2017-8779.
Upstream issue:
https://sourceware.org/bugzilla/show_bug.cgi?id=21461
Upstream patch:
https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
CVE assignment:
https://seclists.org/oss-sec/2017/q2/218
Discussion:
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1448796]
---
Per discussion on the libc-alpha mailing list (linked https://sourceware.org/bugzilla/show_bug.cgi?id
Bugzilla
CVE-2017-8779 libntirpc: rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all]
bugzilla·2017-05-04·CVSS 7.5
CVE-2017-8779 [HIGH] CVE-2017-8779 libntirpc: rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all]
CVE-2017-8779 libntirpc: rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
Bugzilla
CVE-2017-8779 libntirpc: rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [epel-all]
bugzilla·2017-05-04·CVSS 7.5
CVE-2017-8779 [HIGH] CVE-2017-8779 libntirpc: rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [epel-all]
CVE-2017-8779 libntirpc: rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this iss
Bugzilla
CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays
bugzilla·2017-05-04·CVSS 7.5
CVE-2017-8779 [HIGH] CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays
CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays
Rpcbind does not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
References:
http://seclists.org/oss-sec/2017/q2/209
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Discussion:
Created libntirpc tracking bugs for this issue:
Affects: epel-all [bug 1448125]
Affects: fedora-all [bug 1448126]
Created libtirpc tracking bugs for this issue:
Affects: fedora-all [bug 1448127]
Created rpcbind tracking bugs for this issue:
Affects: fedora-all [bug 1448128]
Bugzilla
CVE-2017-8779 libtirpc: rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all]
bugzilla·2017-05-04·CVSS 7.5
CVE-2017-8779 [HIGH] CVE-2017-8779 libtirpc: rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all]
CVE-2017-8779 libtirpc: rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
Bugzilla
CVE-2017-8779 rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all]
bugzilla·2017-05-04·CVSS 7.5
CVE-2017-8779 [HIGH] CVE-2017-8779 rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all]
CVE-2017-8779 rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affe
http://openwall.com/lists/oss-security/2017/05/03/12http://openwall.com/lists/oss-security/2017/05/04/1http://www.debian.org/security/2017/dsa-3845http://www.securityfocus.com/bid/98325http://www.securitytracker.com/id/1038532https://access.redhat.com/errata/RHBA-2017:1497https://access.redhat.com/errata/RHSA-2017:1262https://access.redhat.com/errata/RHSA-2017:1263https://access.redhat.com/errata/RHSA-2017:1267https://access.redhat.com/errata/RHSA-2017:1268https://access.redhat.com/errata/RHSA-2017:1395https://github.com/drbothen/GO-RPCBOMBhttps://github.com/guidovranken/rpcbomb/https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/https://security.gentoo.org/glsa/201706-07https://security.netapp.com/advisory/ntap-20180109-0001/https://usn.ubuntu.com/3759-1/https://usn.ubuntu.com/3759-2/https://www.exploit-db.com/exploits/41974/http://openwall.com/lists/oss-security/2017/05/03/12http://openwall.com/lists/oss-security/2017/05/04/1http://www.debian.org/security/2017/dsa-3845http://www.securityfocus.com/bid/98325http://www.securitytracker.com/id/1038532https://access.redhat.com/errata/RHBA-2017:1497https://access.redhat.com/errata/RHSA-2017:1262https://access.redhat.com/errata/RHSA-2017:1263https://access.redhat.com/errata/RHSA-2017:1267https://access.redhat.com/errata/RHSA-2017:1268https://access.redhat.com/errata/RHSA-2017:1395https://github.com/drbothen/GO-RPCBOMBhttps://github.com/guidovranken/rpcbomb/https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/https://security.gentoo.org/glsa/201706-07https://security.netapp.com/advisory/ntap-20180109-0001/https://usn.ubuntu.com/3759-1/https://usn.ubuntu.com/3759-2/https://www.exploit-db.com/exploits/41974/
2017-05-04
Published