Candidate: CVE-2010-2061
PublicDate: 2019-10-29 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2061
 http://openwall.com/lists/oss-security/2010/06/08/3
Description:
 rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2)
 /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is
 started.
Ubuntu-Description:
Notes:
 sbeattie> init script converted to upstart job in oneiric.
 sbeattie> doesn't look like the statedir setting got transferred to it
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_rpcbind:
upstream_rpcbind: released (0.2.0-4.1)
hardy_rpcbind: DNE
lucid_rpcbind: ignored (reached end-of-life)
maverick_rpcbind: not-affected (0.2.0-4.1)
natty_rpcbind: not-affected (0.2.0-4.1)
oneiric_rpcbind: not-affected (0.2.0-6ubuntu3.1)
precise_rpcbind: not-affected (0.2.0-7ubuntu1)
quantal_rpcbind: not-affected (0.2.0-7ubuntu1)
raring_rpcbind: not-affected (0.2.0-7ubuntu1)
saucy_rpcbind: not-affected (0.2.0-7ubuntu1)
devel_rpcbind: not-affected (0.2.0-7ubuntu1)