[Secure-testing-team] Bug#861834: libtirpc: CVE-2017-8779
Salvatore Bonaccorso
carnil at debian.org
Thu May 4 15:01:11 UTC 2017
Source: libtirpc
Version: 0.2.5-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Control: clone -1 -2
Control: reassign -2 src:rpcbind
Control: found -2 0.2.1-6
Hi,
the following vulnerability was published for libtirpc.
CVE-2017-8779[0]:
| rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through
| 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC
| data size during memory allocation for XDR strings, which allows remote
| attackers to cause a denial of service (memory consumption with no
| subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Note: that the rpcbind version needs to be build with a fixed version
of libtirpc, as it needs some new code in libtircp.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
[1] http://www.openwall.com/lists/oss-security/2017/05/03/12
[2] https://github.com/guidovranken/rpcbomb/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list