PublicDateAtUSN: 2017-05-04
Candidate: CVE-2017-8779
PublicDate: 2017-05-04 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
 http://www.openwall.com/lists/oss-security/2017/05/04/1
 https://github.com/guidovranken/rpcbomb/
 http://openwall.com/lists/oss-security/2017/05/03/12
 http://openwall.com/lists/oss-security/2017/05/04/1
 https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
 https://ubuntu.com/security/notices/USN-3759-1
 https://ubuntu.com/security/notices/USN-3759-2
 https://ubuntu.com/security/notices/USN-4986-1
 https://ubuntu.com/security/notices/USN-4986-2
Description:
 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through
 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data
 size during memory allocation for XDR strings, which allows remote
 attackers to cause a denial of service (memory consumption with no
 subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Ubuntu-Description:
Notes:
 mdeslaur> patch used by Debian in 0.2.3-0.6 isn't the correct one and
 mdeslaur> the reproducer still works against rpcbind
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861834
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861835
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861836
 https://bugs.launchpad.net/ubuntu/+source/rpcbind/+bug/1687930
 https://bugs.launchpad.net/ubuntu/+source/rpcbind/+bug/1925280
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libtirpc:
upstream_libtirpc: released (0.2.5-1.2)
precise_libtirpc: ignored (reached end-of-life)
precise/esm_libtirpc: released (0.2.2-5ubuntu0.1)
trusty_libtirpc: released (0.2.2-5ubuntu2.1)
trusty/esm_libtirpc: released (0.2.2-5ubuntu2.1)
vivid/stable-phone-overlay_libtirpc: DNE
vivid/ubuntu-core_libtirpc: DNE
xenial_libtirpc: released (0.2.5-1ubuntu0.1)
esm-infra/xenial_libtirpc: released (0.2.5-1ubuntu0.1)
yakkety_libtirpc: ignored (reached end-of-life)
zesty_libtirpc: ignored (reached end-of-life)
artful_libtirpc: not-affected (0.2.5-1.2)
bionic_libtirpc: not-affected (0.2.5-1.2)
cosmic_libtirpc: not-affected (0.2.5-1.2)
disco_libtirpc: not-affected (0.2.5-1.2)
eoan_libtirpc: not-affected (0.2.5-1.2)
focal_libtirpc: not-affected (0.2.5-1.2)
groovy_libtirpc: not-affected (0.2.5-1.2)
hirsute_libtirpc: not-affected (0.2.5-1.2)
impish_libtirpc: not-affected (0.2.5-1.2)
jammy_libtirpc: not-affected (0.2.5-1.2)
devel_libtirpc: not-affected (0.2.5-1.2)

Patches_rpcbind:
 upstream: https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commit;h=7ea36eeece56b59f98e469934e4c20b4da043346
upstream_rpcbind: needs-triage
precise_rpcbind: ignored (reached end-of-life)
precise/esm_rpcbind: ignored (end of ESM support, was needs-triage)
trusty_rpcbind: ignored (reached end-of-life)
trusty/esm_rpcbind: released (0.2.1-2ubuntu2.2+esm1)
vivid/stable-phone-overlay_rpcbind: DNE
vivid/ubuntu-core_rpcbind: DNE
xenial_rpcbind: ignored (end of standard support, was needed)
esm-infra/xenial_rpcbind: released (0.2.3-0.2ubuntu0.16.04.1+esm1)
yakkety_rpcbind: ignored (reached end-of-life)
zesty_rpcbind: ignored (reached end-of-life)
artful_rpcbind: ignored (reached end-of-life)
bionic_rpcbind: released (0.2.3-0.6ubuntu0.18.04.2)
cosmic_rpcbind: ignored (reached end-of-life)
disco_rpcbind: not-affected (1.2.5-0.3)
eoan_rpcbind: not-affected (1.2.5-0.3build1)
focal_rpcbind: not-affected (1.2.5-8)
groovy_rpcbind: not-affected (1.2.5-9)
hirsute_rpcbind: not-affected (1.2.5-9)
impish_rpcbind: not-affected (1.2.5-9)
jammy_rpcbind: not-affected (1.2.5-9)
devel_rpcbind: not-affected (1.2.5-9)

Patches_ntirpc:
upstream_ntirpc: released (1.4.4-1)
precise_ntirpc: DNE
precise/esm_ntirpc: DNE
trusty_ntirpc: DNE
trusty/esm_ntirpc: DNE
vivid/stable-phone-overlay_ntirpc: DNE
vivid/ubuntu-core_ntirpc: DNE
xenial_ntirpc: ignored (end of standard support, was needed)
yakkety_ntirpc: ignored (reached end-of-life)
zesty_ntirpc: ignored (reached end-of-life)
artful_ntirpc: ignored (reached end-of-life)
bionic_ntirpc: not-affected (1.6.1-1)
cosmic_ntirpc: not-affected (1.6.1-1)
disco_ntirpc: not-affected (1.6.1-1)
eoan_ntirpc: not-affected (1.6.1-1)
focal_ntirpc: not-affected (1.6.1-1)
groovy_ntirpc: not-affected (1.6.1-1)
hirsute_ntirpc: not-affected (1.6.1-1)
impish_ntirpc: not-affected (1.6.1-1)
jammy_ntirpc: not-affected (1.6.1-1)
devel_ntirpc: not-affected (1.6.1-1)