Rpcbind CVE-2017-8779 Remote Denial of Service Vulnerability



Rpcbind is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

Rpcbind 0.2.4 and prior versions are vulnerable.

Information

Bugtraq ID: 98325
Class: Design Error
CVE: CVE-2017-8779

Remote: Yes
Local: No
Published: May 03 2017 12:00AM
Updated: May 05 2017 06:06PM
Credit: Guido Vranken
Vulnerable: RPCBind RPCBind 0.2.4
RPCBind RPCBind 0.2
Redhat Gluster Storage 3.0
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Redhat Ceph Storage 2
NTIRPC NTIRPC 1.4.3
NTIRPC NTIRPC 1.4
libtirpc libtirpc 1.0.1
libtirpc libtirpc 0.1.7
libtirpc libtirpc 1.0.2-rc3
libtirpc libtirpc 1.0.2-rc
libtirpc libtirpc 0.2.3


Not Vulnerable:

Exploit


The researcher has created an exploit code to demonstrate the issue. Please see the references for more information.


Related Posts

Comments