Vulnerability CVE-2017-8779: Information
Description
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libtirpc | sisyphus | 1.0.2-alt1 | 1.3.4-alt1 | ALT-PU-2017-1816-1 | 185112 | Fixed |
libtirpc | p10 | 1.0.2-alt1 | 1.3.3-alt1 | ALT-PU-2017-1816-1 | 185112 | Fixed |
libtirpc | p9 | 1.0.2-alt1 | 1.0.3-alt1 | ALT-PU-2017-1816-1 | 185112 | Fixed |
libtirpc | c10f1 | 1.0.2-alt1 | 1.3.3-alt1 | ALT-PU-2017-1816-1 | 185112 | Fixed |
libtirpc | c9f2 | 1.0.2-alt1 | 1.0.3-alt1 | ALT-PU-2017-1816-1 | 185112 | Fixed |
rpcbind | sisyphus | 1.2.5-alt1 | 1.2.6-alt1.qa1 | ALT-PU-2018-2163-1 | 211532 | Fixed |
rpcbind | p10 | 1.2.5-alt1 | 1.2.6-alt1.qa1 | ALT-PU-2018-2163-1 | 211532 | Fixed |
rpcbind | p9 | 1.2.5-alt1 | 1.2.5-alt2 | ALT-PU-2018-2163-1 | 211532 | Fixed |
rpcbind | c10f1 | 1.2.5-alt1 | 1.2.6-alt1.qa1 | ALT-PU-2018-2163-1 | 211532 | Fixed |
rpcbind | c9f2 | 1.2.5-alt1 | 1.2.5-alt2 | ALT-PU-2018-2163-1 | 211532 | Fixed |
rpcbind | c7 | 0.2.1-alt0.6.M70C.2 | 0.2.1-alt0.6.M70C.2 | ALT-PU-2017-2204-1 | 188132 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ | |
https://github.com/guidovranken/rpcbomb/ | |
http://openwall.com/lists/oss-security/2017/05/04/1 | |
http://openwall.com/lists/oss-security/2017/05/03/12 | |
98325 | |
https://github.com/drbothen/GO-RPCBOMB | |
GLSA-201706-07 | |
1038532 | |
41974 | |
DSA-3845 | |
RHSA-2017:1395 | |
RHSA-2017:1268 | |
RHSA-2017:1267 | |
RHSA-2017:1263 | |
RHSA-2017:1262 | |
RHBA-2017:1497 | |
https://security.netapp.com/advisory/ntap-20180109-0001/ | |
USN-3759-2 | |
USN-3759-1 | |