Medium: rpcbind

🗓️ 10 Mar 2016 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 40 Views

rpcbind use-after-free flaw in PMAP_CALLIT operation, allows remote attacker to crash service by UDP/TCP call

Reporter	Title	Published	Views	Family All 85
FreeBSD	FreeBSD -- rpcbind(8) remote denial of service [REVISED]	29 Sep 201500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in rpcbind (CVE-2015-7236)	18 Jun 201801:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance	17 Jun 201822:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in rpcbind affects PowerKVM (CVE-2015-7236)	18 Jun 201801:30	–	ibm
Tenable Nessus	Amazon Linux AMI : rpcbind (ALAS-2016-659)	11 Mar 201600:00	–	nessus
Tenable Nessus	CentOS 6 / 7 : rpcbind (CESA-2016:0005)	8 Jan 201600:00	–	nessus
Tenable Nessus	Debian DLA-311-1 : rpcbind security update	21 Sep 201500:00	–	nessus
Tenable Nessus	Debian DSA-3366-1 : rpcbind - security update	24 Sep 201500:00	–	nessus
Tenable Nessus	Fedora 23 : rpcbind-0.2.3-0.4.fc23 (2015-36b145bd37)	4 Mar 201600:00	–	nessus
Tenable Nessus	Fedora 22 : rpcbind-0.2.3-0.3.fc22 (2015-9eee2fbc78)	4 Mar 201600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	1	i686	rpcbind	0.2.0-11.8.amzn1	rpcbind-0.2.0-11.8.amzn1.i686.rpm
Amazon Linux	1	x86_64	rpcbind	0.2.0-11.8.amzn1	rpcbind-0.2.0-11.8.amzn1.x86_64.rpm
Amazon Linux	1	i686	rpcbind-debuginfo	0.2.0-11.8.amzn1	rpcbind-debuginfo-0.2.0-11.8.amzn1.i686.rpm
Amazon Linux	1	x86_64	rpcbind-debuginfo	0.2.0-11.8.amzn1	rpcbind-debuginfo-0.2.0-11.8.amzn1.x86_64.rpm

10 Mar 2016 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 25

CVSS 37.5

EPSS0.04174

rpcbind use-after-free pmap_callit remote attacker crash udp tcp