Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 15.04 |
| oracle | solaris | 11.3 |
| rpcbind_project | rpcbind | * |
| canonical | ubuntu_linux | 12.04 |
| oracle | solaris | 10 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libtirpc_project | libtirpc | * |
| rpcbind_project | rpcbind | * |
| ntirpc_project | ntirpc | * |