CVE-2017-8779 – RPCBind / libtirpc - Denial of Service

https://notcve.org/view.php?id=CVE-2017-8779

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. Rpcbind versión 0.2.4, LIBTIRPC versión 1.0.1 y versiones 1.0.2-rc a 1.0.2-rc3, y NTIRPC versión 1.4.3, no consideran el tamaño máximo de datos RPC durante la asignación de memoria para cadenas XDR, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria sin liberación) a través de un paquete UDP manipulado enviado al puerto 111, también conocido como rpcbomb. It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. • https://www.exploit-db.com/exploits/41974 http://openwall.com/lists/oss-security/2017/05/03/12 http://openwall.com/lists/oss-security/2017/05/04/1 http://www.debian.org/security/2017/dsa-3845 http://www.securityfocus.com/bid/98325 http://www.securitytracker.com/id/1038532 https://access.redhat.com/errata/RHBA-2017:1497 https://access.redhat.com/errata/RHSA-2017:1262 https://access.redhat.com/errata/RHSA-2017:1263 https://access.redhat.com/errata/RHSA-2017: • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •