Opened 7 years ago
Closed 7 years ago
#9284 closed defect (fixed)
Vulnerabilities in rpcbind and libtirpc
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | high | Milestone: | 8.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
This one had passed me by. CVE-2017-8779 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, [ and NTIRPC through 1.4.3 ] do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Patches for rpcbind and libtirpc at https://github.com/guidovranken/rpcbomb - I see that both Fedora and Arch seem to be using these. The rpcbind part can probably be done by a sed.
Change History (3)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 7 years ago
Not a sed - I failed to notice there is an earlier line to add a header. I've prepared the headed patches and checked they compile and DESTDIR, will upload. Still a day or two before I can rebuild locally and check that nfs still works.
Might be a day or two before I have time to look at this.