CVE-2017-8779
RPCBind / libtirpc - Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Rpcbind versión 0.2.4, LIBTIRPC versión 1.0.1 y versiones 1.0.2-rc a 1.0.2-rc3, y NTIRPC versión 1.4.3, no consideran el tamaño máximo de datos RPC durante la asignación de memoria para cadenas XDR, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria sin liberación) a través de un paquete UDP manipulado enviado al puerto 111, también conocido como rpcbomb.
It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-04 CVE Reserved
- 2017-05-04 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-11-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (22)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/98325 | Third Party Advisory | |
http://www.securitytracker.com/id/1038532 | Vdb Entry | |
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches | Third Party Advisory | |
https://security.netapp.com/advisory/ntap-20180109-0001 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/41974 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
http://openwall.com/lists/oss-security/2017/05/03/12 | 2019-10-03 | |
http://openwall.com/lists/oss-security/2017/05/04/1 | 2019-10-03 | |
https://github.com/drbothen/GO-RPCBOMB | 2019-10-03 | |
https://github.com/guidovranken/rpcbomb | 2019-10-03 |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3845 | 2019-10-03 | |
https://access.redhat.com/errata/RHBA-2017:1497 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:1262 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:1263 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:1267 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:1268 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:1395 | 2019-10-03 | |
https://security.gentoo.org/glsa/201706-07 | 2019-10-03 | |
https://usn.ubuntu.com/3759-1 | 2019-10-03 | |
https://usn.ubuntu.com/3759-2 | 2019-10-03 | |
https://access.redhat.com/security/cve/CVE-2017-8779 | 2017-06-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1448124 | 2017-06-06 | |
https://access.redhat.com/solutions/3025811 | 2017-06-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rpcbind Project Search vendor "Rpcbind Project" | Rpcbind Search vendor "Rpcbind Project" for product "Rpcbind" | <= 0.2.4 Search vendor "Rpcbind Project" for product "Rpcbind" and version " <= 0.2.4" | - |
Affected
| ||||||
Libtirpc Project Search vendor "Libtirpc Project" | Libtirpc Search vendor "Libtirpc Project" for product "Libtirpc" | <= 1.0.1 Search vendor "Libtirpc Project" for product "Libtirpc" and version " <= 1.0.1" | - |
Affected
| ||||||
Ntirpc Project Search vendor "Ntirpc Project" | Ntirpc Search vendor "Ntirpc Project" for product "Ntirpc" | <= 1.4.3 Search vendor "Ntirpc Project" for product "Ntirpc" and version " <= 1.4.3" | - |
Affected
|