CVE-2010-2064
https://notcve.org/view.php?id=CVE-2010-2064
rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
• https://access.redhat.com/security/cve/cve-2010-2064 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2064 https://security-tracker.debian.org/tracker/CVE-2010-2064 https://www.openwall.com/lists/oss-security/2010/06/08/3
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2010-2061
https://notcve.org/view.php?id=CVE-2010-2061
rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.
• https://access.redhat.com/security/cve/cve-2010-2061 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2061 https://security-tracker.debian.org/tracker/CVE-2010-2061 https://www.openwall.com/lists/oss-security/2010/06/08/3
• CWE-20: Improper Input Validation
CVE-2017-8779 – RPCBind / libtirpc - Denial of Service
https://notcve.org/view.php?id=CVE-2017-8779
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. It was found that, due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
• https://www.exploit-db.com/exploits/41974 http://openwall.com/lists/oss-security/2017/05/03/12 http://openwall.com/lists/oss-security/2017/05/04/1 http://www.debian.org/security/2017/dsa-3845 http://www.securityfocus.com/bid/98325 http://www.securitytracker.com/id/1038532 https://access.redhat.com/errata/RHBA-2017:1497 https://access.redhat.com/errata/RHSA-2017:1262 https://access.redhat.com/errata/RHSA-2017:1263 https://access.redhat.com/errata/RHSA-2017:
• CWE-400: Uncontrolled Resource Consumption; CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2015-7236 – rpcbind: Use-after-free vulnerability in PMAP_CALLIT
https://notcve.org/view.php?id=CVE-2015-7236
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets involving a PMAP_CALLIT code. A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171030.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172152.html http://www.debian.org/security/2015/dsa-3366 http://www.openwall.com/lists/oss-security/2015/09/17/1 http://www.openwall.com/lists/oss-security/2015/09/17/6 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www&
• CWE-416: Use After Free