Vulnerabilities > CVE-2017-8779 - Allocation of Resources Without Limits or Throttling vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
rpcbind-project
libtirpc-project
ntirpc-project
CWE-770
nessus
exploit available
metasploit

Summary

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Locate and Exploit Test APIs
    An attacker exploits a sample, demonstration, or test API that is insecure by default and should not be resident on production systems. Some applications include APIs that are intended to allow an administrator to test and refine their domain. These APIs should usually be disabled once a system enters a production environment. Testing APIs may expose a great deal of diagnostic information intended to aid an administrator, but which can also be used by an attacker to further refine their attack. Moreover, testing APIs may not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may have many flaws and vulnerabilities that would allow an attacker to severely disrupt a target.
  • Flooding
    An attacker consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow control in management of interactions. Since each request consumes some of the target's resources, if a sufficiently large number of requests must be processed at the same time then the target's resources can be exhausted. The degree to which the attack is successful depends upon the volume of requests in relation to the amount of the resource the target has access to, and other mitigating circumstances such as the target's ability to shift load or acquired additional resources to deal with the depletion. The more protected the resource and the greater the quantity of it that must be consumed, the more resources the attacker may need to have at their disposal. A typical TCP/IP flooding attack is a Distributed Denial-of-Service attack where many machines simultaneously make a large number of requests to a target. Against a target with strong defenses and a large pool of resources, many tens of thousands of attacking machines may be required. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the attacker can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
  • Excessive Allocation
    An attacker causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request. For example, using an Integer Attack, the attacker could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target.
  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.

Exploit-Db

descriptionRPCBind / libtirpc - Denial of Service. CVE-2017-8779. Dos exploit for Linux platform. Tags: Denial of Service (DoS)
fileexploits/linux/dos/41974.rb
idEDB-ID:41974
last seen2017-05-08
modified2017-05-08
platformlinux
port111
published2017-05-08
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/41974/
titleRPCBind / libtirpc - Denial of Service
typedos

Metasploit

descriptionThis module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and NTIRPC, allowing an attacker to trigger large (and never freed) memory allocations for XDR strings on the target.
idMSF:AUXILIARY/DOS/RPC/RPCBOMB
last seen2019-12-01
modified2017-07-24
published2017-06-05
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/rpc/rpcbomb.rb
titleRPC DoS targeting *nix rpcbind/libtirpc

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1267.NASL
    descriptionAn update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-06-01
    modified2020-06-02
    plugin id100370
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100370
    titleRHEL 6 : rpcbind (RHSA-2017:1267)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:1267. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100370);
      script_version("3.10");
      script_cvs_date("Date: 2019/10/24 15:35:43");
    
      script_cve_id("CVE-2017-8779");
      script_xref(name:"RHSA", value:"2017:1267");
    
      script_name(english:"RHEL 6 : rpcbind (RHSA-2017:1267)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for rpcbind is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    [Updated 16 June 2017] The packages distributed with this errata have
    a bug that can cause the rpcbind utility to terminate unexpectedly at
    start. RHBA-2017:1435 was released on 13 June 2017 to address this
    issue.
    
    The rpcbind utility is a server that converts Remote Procedure Call
    (RPC) program numbers into universal addresses. It must be running on
    the host to be able to make RPC calls on a server on that machine.
    
    Security Fix(es) :
    
    * It was found that due to the way rpcbind uses libtirpc (libntirpc),
    a memory leak can occur when parsing specially crafted XDR messages.
    An attacker sending thousands of messages to rpcbind could cause its
    memory usage to grow without bound, eventually causing it to be
    terminated by the OOM killer. (CVE-2017-8779)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHBA-2017:1435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:1267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-8779"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rpcbind and / or rpcbind-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rpcbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rpcbind-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:1267";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"rpcbind-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"rpcbind-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"rpcbind-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"rpcbind-debuginfo-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"rpcbind-debuginfo-0.2.0-13.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"rpcbind-debuginfo-0.2.0-13.el6_9")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rpcbind / rpcbind-debuginfo");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1268.NASL
    descriptionAn update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib
    last seen2020-06-01
    modified2020-06-02
    plugin id100371
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100371
    titleRHEL 6 : libtirpc (RHSA-2017:1268)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0107.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix for CVE-2017-8779 (bz 1449461) - Soft static allocate rpc uid/gid (bz 1300533) - Fix memory corruption in PMAP_CALLIT code (bz 1186933)
    last seen2020-06-01
    modified2020-06-02
    plugin id100398
    published2017-05-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100398
    titleOracleVM 3.3 / 3.4 : rpcbind (OVMSA-2017-0107)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1263.NASL
    descriptionFrom Red Hat Security Advisory 2017:1263 : An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib
    last seen2020-06-01
    modified2020-06-02
    plugin id100342
    published2017-05-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100342
    titleOracle Linux 7 : libtirpc (ELSA-2017-1263)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1468-1.NASL
    descriptionThis update for libtirpc and rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service. (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100569
    published2017-06-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100569
    titleSUSE SLES11 Security Update : libtirpc, rpcbind (SUSE-SU-2017:1468-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1262.NASL
    descriptionAn update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-06-01
    modified2020-06-02
    plugin id100317
    published2017-05-22
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100317
    titleRHEL 7 : rpcbind (RHSA-2017:1262)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1102.NASL
    descriptionAccording to the version of the rpcbind package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-06-09
    plugin id100695
    published2017-06-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100695
    titleEulerOS 2.0 SP1 : rpcbind (EulerOS-SA-2017-1102)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1263.NASL
    descriptionAn update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib
    last seen2020-06-01
    modified2020-06-02
    plugin id100327
    published2017-05-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100327
    titleCentOS 7 : libtirpc (CESA-2017:1263)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-608.NASL
    descriptionThis update for libtirpc fixes the following issues : - CVE-2017-8779: crafted UDP packaged could lead rpcbind to denial-of-service (bsc#1037559) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-05-24
    plugin id100366
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100366
    titleopenSUSE Security Update : libtirpc (openSUSE-2017-608)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1263.NASL
    descriptionAn update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib
    last seen2020-06-01
    modified2020-06-02
    plugin id100318
    published2017-05-22
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100318
    titleRHEL 7 : libtirpc (RHSA-2017:1263)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-191-02.NASL
    descriptionNew rpcbind packages are available for Slackware 14.2 and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id101359
    published2017-07-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101359
    titleSlackware 14.2 / current : rpcbind (SSA:2017-191-02)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1268.NASL
    descriptionFrom Red Hat Security Advisory 2017:1268 : An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib
    last seen2020-06-01
    modified2020-06-02
    plugin id100369
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100369
    titleOracle Linux 6 : libtirpc (ELSA-2017-1268)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-841.NASL
    descriptionIt was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-06-01
    modified2020-06-02
    plugin id100642
    published2017-06-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100642
    titleAmazon Linux AMI : rpcbind (ALAS-2017-841)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-615.NASL
    descriptionThis update for rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP package could lead rcpbind to remote denial-of-service (bsc#1037559) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-05-26
    plugin id100447
    published2017-05-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100447
    titleopenSUSE Security Update : rpcbind (openSUSE-2017-615)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1103.NASL
    descriptionAccording to the version of the rpcbind package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-06-09
    plugin id100696
    published2017-06-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100696
    titleEulerOS 2.0 SP2 : rpcbind (EulerOS-SA-2017-1103)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-936.NASL
    descriptionGuido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings). For Debian 7
    last seen2020-03-17
    modified2017-05-11
    plugin id100108
    published2017-05-11
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/100108
    titleDebian DLA-936-1 : libtirpc security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1306-1.NASL
    descriptionThis update for libtirpc fixes the following issues : - CVE-2017-8779: crafted UDP packaged could lead rpcbind to denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100241
    published2017-05-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100241
    titleSUSE SLED12 / SLES12 Security Update : libtirpc (SUSE-SU-2017:1306-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-191-01.NASL
    descriptionNew libtirpc packages are available for Slackware 14.2 and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id101358
    published2017-07-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101358
    titleSlackware 14.2 / current : libtirpc (SSA:2017-191-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1328-1.NASL
    descriptionThis update for rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP package could lead rcpbind to remote denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100289
    published2017-05-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100289
    titleSUSE SLED12 / SLES12 Security Update : rpcbind (SUSE-SU-2017:1328-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-44D0E642A4.NASL
    descriptionFix for CVE-2017-8779 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-05-22
    plugin id100309
    published2017-05-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100309
    titleFedora 25 : libtirpc (2017-44d0e642a4)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170523_RPCBIND_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-03-18
    modified2017-05-24
    plugin id100373
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100373
    titleScientific Linux Security Update : rpcbind on SL6.x i386/x86_64 (20170523)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-1268.NASL
    descriptionAn update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib
    last seen2020-06-01
    modified2020-06-02
    plugin id101471
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101471
    titleVirtuozzo 6 : libtirpc / libtirpc-devel (VZLSA-2017-1268)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0106_LIBTIRPC.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has libtirpc packages installed that are affected by a vulnerability: - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127338
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127338
    titleNewStart CGSL MAIN 4.05 : libtirpc Vulnerability (NS-SA-2019-0106)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1567.NASL
    descriptionAccording to the version of the rpcbind package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.(CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2020-05-01
    plugin id136270
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136270
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : rpcbind (EulerOS-SA-2020-1567)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-AC407781C3.NASL
    descriptionSecurity fix for CVE-2017-8779 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-05-16
    plugin id100196
    published2017-05-16
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100196
    titleFedora 25 : rpcbind (2017-ac407781c3)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1262.NASL
    descriptionFrom Red Hat Security Advisory 2017:1262 : An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-06-01
    modified2020-06-02
    plugin id100341
    published2017-05-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100341
    titleOracle Linux 7 : rpcbind (ELSA-2017-1262)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1097.NASL
    descriptionAccording to the version of the libtirpc package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-06-09
    plugin id100690
    published2017-06-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100690
    titleEulerOS 2.0 SP2 : libtirpc (EulerOS-SA-2017-1097)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-1267.NASL
    descriptionAn update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101470
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101470
    titleVirtuozzo 6 : rpcbind (VZLSA-2017-1267)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1096.NASL
    descriptionAccording to the version of the libtirpc package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-06-09
    plugin id100689
    published2017-06-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100689
    titleEulerOS 2.0 SP1 : libtirpc (EulerOS-SA-2017-1096)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1614.NASL
    descriptionAccording to the version of the rpcbind package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.(CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-06
    modified2020-06-02
    plugin id137032
    published2020-06-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137032
    titleEulerOS 2.0 SP5 : rpcbind (EulerOS-SA-2020-1614)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170521_LIBTIRPC_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-03-18
    modified2017-05-23
    plugin id100347
    published2017-05-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100347
    titleScientific Linux Security Update : libtirpc on SL7.x x86_64 (20170521)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1267.NASL
    descriptionAn update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-06-01
    modified2020-06-02
    plugin id100358
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100358
    titleCentOS 6 : rpcbind (CESA-2017:1267)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-1262.NASL
    descriptionAn update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101466
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101466
    titleVirtuozzo 7 : rpcbind (VZLSA-2017-1262)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170521_RPCBIND_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-03-18
    modified2017-05-23
    plugin id100348
    published2017-05-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100348
    titleScientific Linux Security Update : rpcbind on SL7.x x86_64 (20170521)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1395.NASL
    descriptionAn update for libntirpc is now available for Red Hat Gluster Storage 3.2 for RHEL 6 and Red Hat Gluster Storage 3.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This package contains a new implementation of the original libtirpc, transport-independent RPC (TI-RPC) library for NFS-Ganesha. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-06-01
    modified2020-06-02
    plugin id100716
    published2017-06-09
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100716
    titleRHEL 6 / 7 : Storage Server (RHSA-2017:1395)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1267.NASL
    descriptionFrom Red Hat Security Advisory 2017:1267 : An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-06-01
    modified2020-06-02
    plugin id100368
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100368
    titleOracle Linux 6 : rpcbind (ELSA-2017-1267)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0017.NASL
    descriptionAn update of [rpcbind,libtirpc,freetype2] packages for PhotonOS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111866
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111866
    titlePhoton OS 1.0: Freetype2 / Libtirpc / Rpcbind PHSA-2017-0017 (deprecated)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0017_LIBTIRPC.NASL
    descriptionAn update of the libtirpc package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121696
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121696
    titlePhoton OS 1.0: Libtirpc PHSA-2017-0017
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170523_LIBTIRPC_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-03-18
    modified2017-05-24
    plugin id100372
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100372
    titleScientific Linux Security Update : libtirpc on SL6.x i386/x86_64 (20170523)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1314-1.NASL
    descriptionThis update for libtirpc fixes the following issues : - CVE-2017-8779: crafted UDP packaged could lead rpcbind to denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100244
    published2017-05-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100244
    titleSUSE SLED12 / SLES12 Security Update : libtirpc (SUSE-SU-2017:1314-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3845.NASL
    descriptionGuido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings).
    last seen2020-06-01
    modified2020-06-02
    plugin id100029
    published2017-05-09
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100029
    titleDebian DSA-3845-1 : libtirpc - security update
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0100_RPCBIND.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has rpcbind packages installed that are affected by a vulnerability: - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127326
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127326
    titleNewStart CGSL MAIN 4.05 : rpcbind Vulnerability (NS-SA-2019-0100)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1268.NASL
    descriptionAn update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib
    last seen2020-06-01
    modified2020-06-02
    plugin id100359
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100359
    titleCentOS 6 : libtirpc (CESA-2017:1268)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-1263.NASL
    descriptionAn update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib
    last seen2020-06-01
    modified2020-06-02
    plugin id101467
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101467
    titleVirtuozzo 7 : libtirpc / libtirpc-devel (VZLSA-2017-1263)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-840.NASL
    descriptionMemory leak when failing to parse XDR strings or bytearrays It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-06-01
    modified2020-06-02
    plugin id100641
    published2017-06-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100641
    titleAmazon Linux AMI : libtirpc (ALAS-2017-840)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0108.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix for CVE-2017-8779 (bz 1449458) - tirpc: fix taddr2uaddr for AF_LOCAL (bz 1285144) - clnt_vc_create: Do not hold a global mutex during connect (bz 1332520) - Backported upstream debugging (bz 1273158) - Fixed memory leak in svc_vc_create (bz 1276687) - Fixed memory leak in svc_tli_create (bz 1276855) - Fixed memory leak in __svc_vc_dodestroy (bz 1276856) - xdr_rejected_reply: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id100399
    published2017-05-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100399
    titleOracleVM 3.3 / 3.4 : libtirpc (OVMSA-2017-0108)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-36CBA32910.NASL
    descriptionSecurity fix for CVE-2017-8779 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101609
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101609
    titleFedora 26 : rpcbind (2017-36cba32910)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1262.NASL
    descriptionAn update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen2020-06-01
    modified2020-06-02
    plugin id100326
    published2017-05-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100326
    titleCentOS 7 : rpcbind (CESA-2017:1262)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0017_RPCBIND.NASL
    descriptionAn update of the rpcbind package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121697
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121697
    titlePhoton OS 1.0: Rpcbind PHSA-2017-0017
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1336-1.NASL
    descriptionThis update for rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP package could lead rcpbind to remote denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100291
    published2017-05-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100291
    titleSUSE SLED12 / SLES12 Security Update : rpcbind (SUSE-SU-2017:1336-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3759-1.NASL
    descriptionAldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4429) It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14622) It was discovered that libtirpc incorrectly handled certain strings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-8779). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117331
    published2018-09-06
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117331
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libtirpc vulnerabilities (USN-3759-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-937.NASL
    descriptionGuido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings). For Debian 7
    last seen2020-03-17
    modified2017-05-11
    plugin id100109
    published2017-05-11
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/100109
    titleDebian DLA-937-1 : rpcbind security update
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201706-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201706-07 (Libtirpc and RPCBind: Denial of Service) It was found that due to the way RPCBind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. Impact : A remote attacker could send thousands of messages to RPCBind, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id100650
    published2017-06-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100650
    titleGLSA-201706-07 : Libtirpc and RPCBind: Denial of Service
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-57E8F5EC61.NASL
    descriptionFix for CVE-2017-8779 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101635
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101635
    titleFedora 26 : libtirpc (2017-57e8f5ec61)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/142408/rpcbindlibtirpc-dos.txt
idPACKETSTORM:142408
last seen2017-05-09
published2017-05-08
reporterGuido Vranken
sourcehttps://packetstormsecurity.com/files/142408/RPCBind-libtirpc-Denial-Of-Service.html
titleRPCBind / libtirpc Denial Of Service

Redhat

advisories
  • bugzilla
    id1448124
    titleCVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • commentrpcbind is earlier than 0:0.2.0-38.el7_3
        ovaloval:com.redhat.rhsa:tst:20171262001
      • commentrpcbind is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20160005002
    rhsa
    idRHSA-2017:1262
    released2017-05-22
    severityImportant
    titleRHSA-2017:1262: rpcbind security update (Important)
  • bugzilla
    id1448124
    titleCVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentlibtirpc-devel is earlier than 0:0.2.4-0.8.el7_3
            ovaloval:com.redhat.rhsa:tst:20171263001
          • commentlibtirpc-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171991002
        • AND
          • commentlibtirpc is earlier than 0:0.2.4-0.8.el7_3
            ovaloval:com.redhat.rhsa:tst:20171263003
          • commentlibtirpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171991004
    rhsa
    idRHSA-2017:1263
    released2017-05-22
    severityImportant
    titleRHSA-2017:1263: libtirpc security update (Important)
  • bugzilla
    id1448124
    titleCVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentrpcbind is earlier than 0:0.2.0-13.el6_9
        ovaloval:com.redhat.rhsa:tst:20171267001
      • commentrpcbind is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20160005002
    rhsa
    idRHSA-2017:1267
    released2017-05-23
    severityImportant
    titleRHSA-2017:1267: rpcbind security update (Important)
  • bugzilla
    id1448124
    titleCVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentlibtirpc-devel is earlier than 0:0.2.1-13.el6_9
            ovaloval:com.redhat.rhsa:tst:20171268001
          • commentlibtirpc-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171991002
        • AND
          • commentlibtirpc is earlier than 0:0.2.1-13.el6_9
            ovaloval:com.redhat.rhsa:tst:20171268003
          • commentlibtirpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171991004
    rhsa
    idRHSA-2017:1268
    released2017-05-23
    severityImportant
    titleRHSA-2017:1268: libtirpc security update (Important)
  • rhsa
    idRHBA-2017:1497
  • rhsa
    idRHSA-2017:1395
rpms
  • calamari-server-0:1.5.6-2.el7cp
  • ceph-base-1:10.2.7-27.el7cp
  • ceph-common-1:10.2.7-27.el7cp
  • ceph-fuse-1:10.2.7-27.el7cp
  • ceph-iscsi-cli-0:2.0-5.el7cp
  • ceph-iscsi-config-0:2.0-4.el7cp
  • ceph-iscsi-tools-0:2.0-3.el7cp
  • ceph-mds-1:10.2.7-27.el7cp
  • ceph-mon-1:10.2.7-27.el7cp
  • ceph-osd-1:10.2.7-27.el7cp
  • ceph-radosgw-1:10.2.7-27.el7cp
  • ceph-selinux-1:10.2.7-27.el7cp
  • ceph-test-1:10.2.7-27.el7cp
  • libcephfs1-1:10.2.7-27.el7cp
  • libcephfs1-devel-1:10.2.7-27.el7cp
  • libntirpc-0:1.4.3-2.el7
  • libntirpc-debuginfo-0:1.4.3-2.el7
  • librados2-1:10.2.7-27.el7cp
  • librados2-devel-1:10.2.7-27.el7cp
  • librbd1-1:10.2.7-27.el7cp
  • librbd1-devel-1:10.2.7-27.el7cp
  • librgw2-1:10.2.7-27.el7cp
  • librgw2-devel-1:10.2.7-27.el7cp
  • libtcmu-0:1.2.1-0.2.20170104.git3d33566.el7cp
  • nfs-ganesha-0:2.4.5-7.el7cp
  • nfs-ganesha-debuginfo-0:2.4.5-7.el7cp
  • nfs-ganesha-rgw-0:2.4.5-7.el7cp
  • pcp-pmda-lio-0:1.0-2.el7cp
  • python-cephfs-1:10.2.7-27.el7cp
  • python-crypto-0:2.6.1-1.2.el7cp
  • python-crypto-debuginfo-0:2.6.1-1.2.el7cp
  • python-flask-1:0.10.1-5.el7
  • python-itsdangerous-0:0.23-1.el7
  • python-jinja2-0:2.7.2-2.el7cp
  • python-rados-1:10.2.7-27.el7cp
  • python-rbd-1:10.2.7-27.el7cp
  • python-rtslib-0:2.1.fb64-0.1.20170301.git3637171.el7cp
  • python-werkzeug-0:0.9.1-1.el7
  • rbd-mirror-1:10.2.7-27.el7cp
  • targetcli-0:2.1.fb47-0.1.20170301.gitf632f38.el7cp
  • tcmu-runner-0:1.2.1-0.2.20170104.git3d33566.el7cp
  • tcmu-runner-debuginfo-0:1.2.1-0.2.20170104.git3d33566.el7cp
  • userspace-rcu-0:0.7.16-1.el7cp
  • userspace-rcu-debuginfo-0:0.7.16-1.el7cp
  • rpcbind-0:0.2.0-38.el7_3
  • rpcbind-debuginfo-0:0.2.0-38.el7_3
  • libtirpc-0:0.2.4-0.8.el7_3
  • libtirpc-debuginfo-0:0.2.4-0.8.el7_3
  • libtirpc-devel-0:0.2.4-0.8.el7_3
  • rpcbind-0:0.2.0-13.el6_9
  • rpcbind-debuginfo-0:0.2.0-13.el6_9
  • libtirpc-0:0.2.1-13.el6_9
  • libtirpc-debuginfo-0:0.2.1-13.el6_9
  • libtirpc-devel-0:0.2.1-13.el6_9
  • libntirpc-0:1.4.3-4.el6rhs
  • libntirpc-0:1.4.3-4.el7rhgs
  • libntirpc-debuginfo-0:1.4.3-4.el6rhs
  • libntirpc-debuginfo-0:1.4.3-4.el7rhgs
  • libntirpc-devel-0:1.4.3-4.el6rhs
  • libntirpc-devel-0:1.4.3-4.el7rhgs