Opened 4 years ago

Closed 4 years ago

#9284 closed defect (fixed)

Vulnerabilities in rpcbind and libtirpc

Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 8.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

This one had passed me by. CVE-2017-8779 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, [ and NTIRPC through 1.4.3 ] do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

Patches for rpcbind and libtirpc at https://github.com/guidovranken/rpcbomb - I see that both Fedora and Arch seem to be using these. The rpcbind part can probably be done by a sed.

Change History (3)

comment:1 by ken@…, 4 years ago

Owner: changed from blfs-book@… to ken@…
Status: newassigned

Might be a day or two before I have time to look at this.

comment:2 by ken@…, 4 years ago

Not a sed - I failed to notice there is an earlier line to add a header. I've prepared the headed patches and checked they compile and DESTDIR, will upload. Still a day or two before I can rebuild locally and check that nfs still works.

comment:3 by ken@…, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed, r18771.

Note: See TracTickets for help on using tickets.