CVE-2017-8779 - Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
network
low complexity
rpcbind-project
libtirpc-project
ntirpc-project
CWE-770
nessus
exploit available
metasploit
Summary
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Locate and Exploit Test APIs: An attacker exploits a sample, demonstration, or test API that is insecure by default and should not be resident on production systems. Some applications include APIs that are intended to allow an administrator to test and refine their domain. These APIs should usually be disabled once a system enters a production environment. Testing APIs may expose a great deal of diagnostic information intended to aid an administrator, but which can also be used by an attacker to further refine their attack. Moreover, testing APIs may not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may have many flaws and vulnerabilities that would allow an attacker to severely disrupt a target.
- Flooding: An attacker consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow control in management of interactions. Since each request consumes some of the target's resources, if a sufficiently large number of requests must be processed at the same time then the target's resources can be exhausted. The degree to which the attack is successful depends upon the volume of requests in relation to the amount of the resource the target has access to, and other mitigating circumstances such as the target's ability to shift load or acquire additional resources to deal with the depletion. The more protected the resource and the greater the quantity of it that must be consumed, the more resources the attacker may need to have at their disposal. A typical TCP/IP flooding attack is a Distributed Denial-of-Service attack where many machines simultaneously make a large number of requests to a target. Against a target with strong defenses and a large pool of resources, many tens of thousands of attacking machines may be required. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the attacker can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
- Excessive Allocation: An attacker causes the target to allocate excessive resources to servicing the attacker's request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service the request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request. For example, using an Integer Attack, the attacker could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target.
- XML Ping of the Death: An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
- XML Entity Expansion: An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
Exploit-Db
description | RPCBind / libtirpc - Denial of Service. CVE-2017-8779. DoS exploit for Linux platform. Tags: Denial of Service (DoS) |
file | exploits/linux/dos/41974.rb |
id | EDB-ID:41974 |
last seen | 2017-05-08 |
modified | 2017-05-08 |
platform | linux |
port | 111 |
published | 2017-05-08 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/41974/ |
title | RPCBind / libtirpc - Denial of Service |
type | dos |
Metasploit
description | This module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and NTIRPC, allowing an attacker to trigger large (and never freed) memory allocations for XDR strings on the target. |
id | MSF:AUXILIARY/DOS/RPC/RPCBOMB |
last seen | 2019-12-01 |
modified | 2017-07-24 |
published | 2017-06-05 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/rpc/rpcbomb.rb |
title | RPC DoS targeting *nix rpcbind/libtirpc |
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2017-1267.NASL |
description | An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100370 |
published | 2017-05-24 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100370 |
title | RHEL 6 : rpcbind (RHSA-2017:1267) |
code | |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2017:1267. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(100370);
      script_version("3.10");
      script_cvs_date("Date: 2019/10/24 15:35:43");

      script_cve_id("CVE-2017-8779");
      script_xref(name:"RHSA", value:"2017:1267");

      script_name(english:"RHEL 6 : rpcbind (RHSA-2017:1267)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHBA-2017:1435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:1267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-8779"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected rpcbind and / or rpcbind-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rpcbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rpcbind-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2017:1267";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_HOLE,
          extra : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"rpcbind-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"rpcbind-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"rpcbind-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"rpcbind-debuginfo-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"rpcbind-debuginfo-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"rpcbind-debuginfo-0.2.0-13.el6_9")) flag++;

      if (flag)
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_HOLE,
          extra : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rpcbind / rpcbind-debuginfo");
      }
    }

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2017-1268.NASL |
description | An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100371 |
published | 2017-05-24 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100371 |
title | RHEL 6 : libtirpc (RHSA-2017:1268) |

NASL family | OracleVM Local Security Checks |
NASL id | ORACLEVM_OVMSA-2017-0107.NASL |
description | The remote OracleVM system is missing necessary patches to address critical security updates : - Fix for CVE-2017-8779 (bz 1449461) - Soft static allocate rpc uid/gid (bz 1300533) - Fix memory corruption in PMAP_CALLIT code (bz 1186933) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100398 |
published | 2017-05-25 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100398 |
title | OracleVM 3.3 / 3.4 : rpcbind (OVMSA-2017-0107) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2017-1263.NASL |
description | From Red Hat Security Advisory 2017:1263 : An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100342 |
published | 2017-05-23 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100342 |
title | Oracle Linux 7 : libtirpc (ELSA-2017-1263) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2017-1468-1.NASL |
description | This update for libtirpc and rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service. (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100569 |
published | 2017-06-01 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100569 |
title | SUSE SLES11 Security Update : libtirpc, rpcbind (SUSE-SU-2017:1468-1) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2017-1262.NASL |
description | An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100317 |
published | 2017-05-22 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100317 |
title | RHEL 7 : rpcbind (RHSA-2017:1262) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2017-1102.NASL |
description | According to the version of the rpcbind package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-06 |
modified | 2017-06-09 |
plugin id | 100695 |
published | 2017-06-09 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100695 |
title | EulerOS 2.0 SP1 : rpcbind (EulerOS-SA-2017-1102) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2017-1263.NASL |
description | An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100327 |
published | 2017-05-23 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100327 |
title | CentOS 7 : libtirpc (CESA-2017:1263) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2017-608.NASL |
description | This update for libtirpc fixes the following issues : - CVE-2017-8779: crafted UDP package could lead rpcbind to denial-of-service (bsc#1037559) This update was imported from the SUSE:SLE-12-SP2:Update update project. |
last seen | 2020-06-05 |
modified | 2017-05-24 |
plugin id | 100366 |
published | 2017-05-24 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100366 |
title | openSUSE Security Update : libtirpc (openSUSE-2017-608) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2017-1263.NASL |
description | An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100318 |
published | 2017-05-22 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100318 |
title | RHEL 7 : libtirpc (RHSA-2017:1263) |

NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2017-191-02.NASL |
description | New rpcbind packages are available for Slackware 14.2 and -current to fix a security issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 101359 |
published | 2017-07-11 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101359 |
title | Slackware 14.2 / current : rpcbind (SSA:2017-191-02) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2017-1268.NASL |
description | From Red Hat Security Advisory 2017:1268 : An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100369 |
published | 2017-05-24 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100369 |
title | Oracle Linux 6 : libtirpc (ELSA-2017-1268) |

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2017-841.NASL |
description | It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100642 |
published | 2017-06-07 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100642 |
title | Amazon Linux AMI : rpcbind (ALAS-2017-841) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2017-615.NASL |
description | This update for rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service (bsc#1037559) This update was imported from the SUSE:SLE-12-SP2:Update update project. |
last seen | 2020-06-05 |
modified | 2017-05-26 |
plugin id | 100447 |
published | 2017-05-26 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100447 |
title | openSUSE Security Update : rpcbind (openSUSE-2017-615) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2017-1103.NASL |
description | According to the version of the rpcbind package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-06 |
modified | 2017-06-09 |
plugin id | 100696 |
published | 2017-06-09 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100696 |
title | EulerOS 2.0 SP2 : rpcbind (EulerOS-SA-2017-1103) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-936.NASL |
description | Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings). For Debian 7 |
last seen | 2020-03-17 |
modified | 2017-05-11 |
plugin id | 100108 |
published | 2017-05-11 |
reporter | This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/100108 |
title | Debian DLA-936-1 : libtirpc security update |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2017-1306-1.NASL |
description | This update for libtirpc fixes the following issues : - CVE-2017-8779: crafted UDP package could lead rpcbind to denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100241 |
published | 2017-05-17 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100241 |
title | SUSE SLED12 / SLES12 Security Update : libtirpc (SUSE-SU-2017:1306-1) |

NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2017-191-01.NASL |
description | New libtirpc packages are available for Slackware 14.2 and -current to fix a security issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 101358 |
published | 2017-07-11 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101358 |
title | Slackware 14.2 / current : libtirpc (SSA:2017-191-01) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2017-1328-1.NASL |
description | This update for rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100289 |
published | 2017-05-19 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100289 |
title | SUSE SLED12 / SLES12 Security Update : rpcbind (SUSE-SU-2017:1328-1) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2017-44D0E642A4.NASL |
description | Fix for CVE-2017-8779 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2017-05-22 |
plugin id | 100309 |
published | 2017-05-22 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100309 |
title | Fedora 25 : libtirpc (2017-44d0e642a4) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20170523_RPCBIND_ON_SL6_X.NASL |
description | Security Fix(es) : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) |
last seen | 2020-03-18 |
modified | 2017-05-24 |
plugin id | 100373 |
published | 2017-05-24 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100373 |
title | Scientific Linux Security Update : rpcbind on SL6.x i386/x86_64 (20170523) |

NASL family | Virtuozzo Local Security Checks |
NASL id | VIRTUOZZO_VZLSA-2017-1268.NASL |
description | An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 101471 |
published | 2017-07-13 |
reporter | This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101471 |
title | Virtuozzo 6 : libtirpc / libtirpc-devel (VZLSA-2017-1268) |

NASL family | NewStart CGSL Local Security Checks |
NASL id | NEWSTART_CGSL_NS-SA-2019-0106_LIBTIRPC.NASL |
description | The remote NewStart CGSL host, running version MAIN 4.05, has libtirpc packages installed that are affected by a vulnerability: - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 127338 |
published | 2019-08-12 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/127338 |
title | NewStart CGSL MAIN 4.05 : libtirpc Vulnerability (NS-SA-2019-0106) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2020-1567.NASL |
description | According to the version of the rpcbind package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-08 |
modified | 2020-05-01 |
plugin id | 136270 |
published | 2020-05-01 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/136270 |
title | EulerOS Virtualization for ARM 64 3.0.2.0 : rpcbind (EulerOS-SA-2020-1567) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2017-AC407781C3.NASL |
description | Security fix for CVE-2017-8779 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2017-05-16 |
plugin id | 100196 |
published | 2017-05-16 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100196 |
title | Fedora 25 : rpcbind (2017-ac407781c3) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2017-1262.NASL |
description | From Red Hat Security Advisory 2017:1262 : An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100341 |
published | 2017-05-23 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100341 |
title | Oracle Linux 7 : rpcbind (ELSA-2017-1262) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2017-1097.NASL |
description | According to the version of the libtirpc package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-06 |
modified | 2017-06-09 |
plugin id | 100690 |
published | 2017-06-09 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/100690 |
title | EulerOS 2.0 SP2 : libtirpc (EulerOS-SA-2017-1097) |

NASL family | Virtuozzo Local Security Checks |
NASL id | VIRTUOZZO_VZLSA-2017-1267.NASL |
description | An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
(CVE-2017-8779) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101470 published 2017-07-13 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101470 title Virtuozzo 6 : rpcbind (VZLSA-2017-1267) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1096.NASL description According to the version of the libtirpc package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-06-09 plugin id 100689 published 2017-06-09 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/100689 title EulerOS 2.0 SP1 : libtirpc (EulerOS-SA-2017-1096) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1614.NASL description According to the version of the rpcbind package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.(CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-06 modified 2020-06-02 plugin id 137032 published 2020-06-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137032 title EulerOS 2.0 SP5 : rpcbind (EulerOS-SA-2020-1614) NASL family Scientific Linux Local Security Checks NASL id SL_20170521_LIBTIRPC_ON_SL7_X.NASL description Security Fix(es) : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) last seen 2020-03-18 modified 2017-05-23 plugin id 100347 published 2017-05-23 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/100347 title Scientific Linux Security Update : libtirpc on SL7.x x86_64 (20170521) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-1267.NASL description An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) last seen 2020-06-01 modified 2020-06-02 plugin id 100358 published 2017-05-24 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100358 title CentOS 6 : rpcbind (CESA-2017:1267) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2017-1262.NASL description An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101466 published 2017-07-13 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101466 title Virtuozzo 7 : rpcbind (VZLSA-2017-1262) NASL family Scientific Linux Local Security Checks NASL id SL_20170521_RPCBIND_ON_SL7_X.NASL description Security Fix(es) : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. 
(CVE-2017-8779) last seen 2020-03-18 modified 2017-05-23 plugin id 100348 published 2017-05-23 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100348 title Scientific Linux Security Update : rpcbind on SL7.x x86_64 (20170521) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1395.NASL description An update for libntirpc is now available for Red Hat Gluster Storage 3.2 for RHEL 6 and Red Hat Gluster Storage 3.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This package contains a new implementation of the original libtirpc, transport-independent RPC (TI-RPC) library for NFS-Ganesha. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) last seen 2020-06-01 modified 2020-06-02 plugin id 100716 published 2017-06-09 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100716 title RHEL 6 / 7 : Storage Server (RHSA-2017:1395) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-1267.NASL description From Red Hat Security Advisory 2017:1267 : An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) last seen 2020-06-01 modified 2020-06-02 plugin id 100368 published 2017-05-24 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100368 title Oracle Linux 6 : rpcbind (ELSA-2017-1267) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0017.NASL description An update of [rpcbind,libtirpc,freetype2] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111866 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111866 title Photon OS 1.0: Freetype2 / Libtirpc / Rpcbind PHSA-2017-0017 (deprecated) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0017_LIBTIRPC.NASL description An update of the libtirpc package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 121696 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/121696 title Photon OS 1.0: Libtirpc PHSA-2017-0017 NASL family Scientific Linux Local Security Checks NASL id SL_20170523_LIBTIRPC_ON_SL6_X.NASL description Security Fix(es) : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) last seen 2020-03-18 modified 2017-05-24 plugin id 100372 published 2017-05-24 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100372 title Scientific Linux Security Update : libtirpc on SL6.x i386/x86_64 (20170523) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1314-1.NASL description This update for libtirpc fixes the following issues : - CVE-2017-8779: crafted UDP packaged could lead rpcbind to denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100244 published 2017-05-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100244 title SUSE SLED12 / SLES12 Security Update : libtirpc (SUSE-SU-2017:1314-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3845.NASL description Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings). 
last seen 2020-06-01 modified 2020-06-02 plugin id 100029 published 2017-05-09 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100029 title Debian DSA-3845-1 : libtirpc - security update NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0100_RPCBIND.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has rpcbind packages installed that are affected by a vulnerability: - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127326 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127326 title NewStart CGSL MAIN 4.05 : rpcbind Vulnerability (NS-SA-2019-0100) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-1268.NASL description An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib last seen 2020-06-01 modified 2020-06-02 plugin id 100359 published 2017-05-24 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/100359 title CentOS 6 : libtirpc (CESA-2017:1268) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2017-1263.NASL description An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib last seen 2020-06-01 modified 2020-06-02 plugin id 101467 published 2017-07-13 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101467 title Virtuozzo 7 : libtirpc / libtirpc-devel (VZLSA-2017-1263) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-840.NASL description Memory leak when failing to parse XDR strings or bytearrays It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) last seen 2020-06-01 modified 2020-06-02 plugin id 100641 published 2017-06-07 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/100641 title Amazon Linux AMI : libtirpc (ALAS-2017-840) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0108.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix for CVE-2017-8779 (bz 1449458) - tirpc: fix taddr2uaddr for AF_LOCAL (bz 1285144) - clnt_vc_create: Do not hold a global mutex during connect (bz 1332520) - Backported upstream debugging (bz 1273158) - Fixed memory leak in svc_vc_create (bz 1276687) - Fixed memory leak in svc_tli_create (bz 1276855) - Fixed memory leak in __svc_vc_dodestroy (bz 1276856) - xdr_rejected_reply: Don last seen 2020-06-01 modified 2020-06-02 plugin id 100399 published 2017-05-25 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100399 title OracleVM 3.3 / 3.4 : libtirpc (OVMSA-2017-0108) NASL family Fedora Local Security Checks NASL id FEDORA_2017-36CBA32910.NASL description Security fix for CVE-2017-8779 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101609 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101609 title Fedora 26 : rpcbind (2017-36cba32910) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-1262.NASL description An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) last seen 2020-06-01 modified 2020-06-02 plugin id 100326 published 2017-05-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100326 title CentOS 7 : rpcbind (CESA-2017:1262) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0017_RPCBIND.NASL description An update of the rpcbind package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 121697 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121697 title Photon OS 1.0: Rpcbind PHSA-2017-0017 NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1336-1.NASL description This update for rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP package could lead rcpbind to remote denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100291 published 2017-05-19 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100291 title SUSE SLED12 / SLES12 Security Update : rpcbind (SUSE-SU-2017:1336-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3759-1.NASL description Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4429) It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14622) It was discovered that libtirpc incorrectly handled certain strings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-8779). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 117331 published 2018-09-06 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/117331 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libtirpc vulnerabilities (USN-3759-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-937.NASL description Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings). For Debian 7 last seen 2020-03-17 modified 2017-05-11 plugin id 100109 published 2017-05-11 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/100109 title Debian DLA-937-1 : rpcbind security update NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201706-07.NASL description The remote host is affected by the vulnerability described in GLSA-201706-07 (Libtirpc and RPCBind: Denial of Service) It was found that due to the way RPCBind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. Impact : A remote attacker could send thousands of messages to RPCBind, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 100650 published 2017-06-07 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100650 title GLSA-201706-07 : Libtirpc and RPCBind: Denial of Service NASL family Fedora Local Security Checks NASL id FEDORA_2017-57E8F5EC61.NASL description Fix for CVE-2017-8779 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. 
last seen 2020-06-05 modified 2017-07-17 plugin id 101635 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101635 title Fedora 26 : libtirpc (2017-57e8f5ec61)
Packetstorm
data source | https://packetstormsecurity.com/files/download/142408/rpcbindlibtirpc-dos.txt |
id | PACKETSTORM:142408 |
last seen | 2017-05-09 |
published | 2017-05-08 |
reporter | Guido Vranken |
source | https://packetstormsecurity.com/files/142408/RPCBind-libtirpc-Denial-Of-Service.html |
title | RPCBind / libtirpc Denial Of Service |
References
- http://openwall.com/lists/oss-security/2017/05/03/12
- http://openwall.com/lists/oss-security/2017/05/04/1
- http://www.debian.org/security/2017/dsa-3845
- http://www.securityfocus.com/bid/98325
- http://www.securitytracker.com/id/1038532
- https://access.redhat.com/errata/RHBA-2017:1497
- https://access.redhat.com/errata/RHSA-2017:1262
- https://access.redhat.com/errata/RHSA-2017:1263
- https://access.redhat.com/errata/RHSA-2017:1267
- https://access.redhat.com/errata/RHSA-2017:1268
- https://access.redhat.com/errata/RHSA-2017:1395
- https://github.com/drbothen/GO-RPCBOMB
- https://github.com/guidovranken/rpcbomb/
- https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
- https://security.gentoo.org/glsa/201706-07
- https://security.netapp.com/advisory/ntap-20180109-0001/
- https://usn.ubuntu.com/3759-1/
- https://usn.ubuntu.com/3759-2/
- https://www.exploit-db.com/exploits/41974/