Vulnerabilities > CVE-2018-14621 - Infinite Loop vulnerability in Libtirpc Project Libtirpc
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0113.NASL description An update of 'libtirpc' packages of Photon OS has been released. last seen 2019-02-08 modified 2019-02-07 plugin id 119750 published 2018-12-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=119750 title Photon OS 2.0: Libtirpc PHSA-2018-2.0-0113 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-2.0-0113. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(119750); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:51"); script_cve_id("CVE-2018-14621"); script_name(english:"Photon OS 2.0: Libtirpc PHSA-2018-2.0-0113 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of 'libtirpc' packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-2-113 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?276c8f99"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14621"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libtirpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "libtirpc-1.0.1-8.ph2", "libtirpc-debuginfo-1.0.1-8.ph2", "libtirpc-devel-1.0.1-8.ph2" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtirpc"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0198_LIBTIRPC.NASL description An update of the libtirpc package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121898 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121898 title Photon OS 1.0: Libtirpc PHSA-2018-1.0-0198 NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3146-1.NASL description This update for libtirpc fixes the following issues : Security issues fixed : CVE-2018-14621: libtirpc: Infinite loop in EMFILE case in svc_vc.c (bsc#1106519) CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c (bsc#1106517) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118141 published 2018-10-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118141 title SUSE SLES11 Security Update : libtirpc (SUSE-SU-2018:3146-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0113_LIBTIRPC.NASL description An update of the libtirpc package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 122011 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122011 title Photon OS 2.0: Libtirpc PHSA-2018-2.0-0113 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0198.NASL description An update of 'libtirpc' packages of Photon OS has been released. last seen 2019-02-08 modified 2019-02-07 plugin id 119749 published 2018-12-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=119749 title Photon OS 1.0: Libtirpc PHSA-2018-1.0-0198 (deprecated)
References
- http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4b
- https://bugzilla.novell.com/show_bug.cgi?id=968175
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621
- http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4b
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621
- https://bugzilla.novell.com/show_bug.cgi?id=968175