ID CESA-2016:0005 Type centos Reporter CentOS Project Modified 2016-01-07T22:29:35
Description
CentOS Errata and Security Advisory CESA-2016:0005
The rpcbind utility is a server that converts RPC program numbers into
universal addresses. It must be running on the host to be able to make RPC
calls on a server on that machine.
A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP
connections was discovered in rpcbind. A remote attacker could possibly
exploit this flaw to crash the rpcbind service by performing a series of
UDP and TCP calls. (CVE-2015-7236)
All rpcbind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. If the rpcbind service
is running, it will be automatically restarted after installing this
update.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2016-January/021593.html
http://lists.centos.org/pipermail/centos-announce/2016-January/021604.html
{"id": "CESA-2016:0005", "bulletinFamily": "unix", "title": "rpcbind security update", "description": "**CentOS Errata and Security Advisory** CESA-2016:0005\n\n\nThe rpcbind utility is a server that converts RPC program numbers into\nuniversal addresses. It must be running on the host to be able to make RPC\ncalls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP\nconnections was discovered in rpcbind. A remote attacker could possibly\nexploit this flaw to crash the rpcbind service by performing a series of\nUDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If the rpcbind service\nis running, it will be automatically restarted after installing this\nupdate.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/021593.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/021604.html\n\n**Affected packages:**\nrpcbind\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0005.html", "published": "2016-01-07T22:08:03", "modified": "2016-01-07T22:29:35", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2016-January/021593.html", "reporter": "CentOS Project", "references": ["https://rhn.redhat.com/errata/RHSA-2016-0005.html"], "cvelist": ["CVE-2015-7236"], "type": "centos", "lastseen": "2017-10-03T18:25:46", "history": [], "edition": 1, "hashmap": [{"key": "affectedPackage", "hash": "ca004799779dbfd4121c63b41f975aca"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "4aaf3bb116b6d1ef45df10ddf536ed8c"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "143c4830de3b2449d757ad227c6cd066"}, {"key": "href", "hash": "dcd96f3d899ac3a7c030c4f10f3eb9c9"}, {"key": "modified", "hash": "d04abdb73b3a74f3bcbede7e099c56b6"}, {"key": "published", "hash": "5a288083a2f1ab46a0f3a405a6987c16"}, {"key": "references", "hash": "7dc90e728abf1232a2660881ea68d8c9"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "title", "hash": "06bd63e2169b8c7788ad077d1ad7b291"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}], "hash": "7a1cd9b4f7a37ef6c041a391429898a0e90c69c933ad72693be97e0e4841d6a1", "viewCount": 0, "enchantments": {"vulnersScore": 3.5}, "objectVersion": "1.3", "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "arch": "any", "operator": "lt", "packageFilename": "rpcbind-0.2.0-33.el7_2.src.rpm", "packageName": "rpcbind", "packageVersion": "0.2.0-33.el7_2"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "rpcbind-0.2.0-11.el6_7.x86_64.rpm", "packageName": "rpcbind", "packageVersion": "0.2.0-11.el6_7"}, {"OS": "CentOS", "OSVersion": "6", "arch": "any", "operator": "lt", "packageFilename": "rpcbind-0.2.0-11.el6_7.src.rpm", "packageName": "rpcbind", "packageVersion": "0.2.0-11.el6_7"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "rpcbind-0.2.0-11.el6_7.i686.rpm", "packageName": "rpcbind", "packageVersion": "0.2.0-11.el6_7"}, {"OS": "CentOS", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "rpcbind-0.2.0-33.el7_2.x86_64.rpm", "packageName": "rpcbind", "packageVersion": "0.2.0-33.el7_2"}]}
{"result": {"cve": [{"id": "CVE-2015-7236", "type": "cve", "title": "CVE-2015-7236", "description": "Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.", "published": "2015-10-01T16:59:04", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7236", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-07-01T10:43:34"}], "f5": [{"id": "F5:K44340019", "type": "f5", "title": "rpcbind use-after-free vulnerability CVE-2015-7236 ", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.1| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2016-11-05T04:25:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K44340019", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-06-08T00:16:26"}, {"id": "SOL44340019", "type": "f5", "title": "SOL44340019 - rpcbind use-after-free vulnerability CVE-2015-7236", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2016-11-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/44/sol44340019.html", "cvelist": ["CVE-2015-7236"], "lastseen": "2016-11-05T05:25:20"}], "amazon": [{"id": "ALAS-2016-659", "type": "amazon", "title": "Medium: rpcbind", "description": "**Issue Overview:**\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls.\n\n \n**Affected Packages:** \n\n\nrpcbind\n\n \n**Issue Correction:** \nRun _yum update rpcbind_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n rpcbind-0.2.0-11.8.amzn1.i686 \n rpcbind-debuginfo-0.2.0-11.8.amzn1.i686 \n \n src: \n rpcbind-0.2.0-11.8.amzn1.src \n \n x86_64: \n rpcbind-debuginfo-0.2.0-11.8.amzn1.x86_64 \n rpcbind-0.2.0-11.8.amzn1.x86_64 \n \n \n", "published": "2016-03-10T16:30:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-659.html", "cvelist": ["CVE-2015-7236"], "lastseen": "2016-09-28T21:04:11"}], "freebsd": [{"id": "0E5D6969-600A-11E6-A6C3-14DAE9D210B8", "type": "freebsd", "title": "FreeBSD -- rpcbind(8) remote denial of service [REVISED]", "description": "\nProblem Description:\nIn rpcbind(8), netbuf structures are copied directly,\n\twhich would result in two netbuf structures that reference\n\tto one shared address buffer. When one of the two netbuf\n\tstructures is freed, access to the other netbuf structure\n\twould result in an undefined result that may crash the\n\trpcbind(8) daemon.\nImpact:\nA remote attacker who can send specifically crafted\n\tpackets to the rpcbind(8) daemon can cause it to crash,\n\tresulting in a denial of service condition.\n", "published": "2015-09-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/0e5d6969-600a-11e6-a6c3-14dae9d210b8.html", "cvelist": ["CVE-2015-7236"], "lastseen": "2016-09-26T17:24:02"}], "nessus": [{"id": "SOLARIS10_X86_152265-01.NASL", "type": "nessus", "title": "Solaris 10 (x86) : 152265-01", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Utilities). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.", "published": "2018-03-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=108255", "cvelist": ["CVE-2015-7236"], "lastseen": "2018-03-15T15:20:44"}, {"id": "ALA_ALAS-2016-659.NASL", "type": "nessus", "title": "Amazon Linux AMI : rpcbind (ALAS-2016-659)", "description": "A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls.", "published": "2016-03-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=89840", "cvelist": ["CVE-2015-7236"], "lastseen": "2018-04-19T07:59:34"}, {"id": "SUSE_SU-2015-1706-2.NASL", "type": "nessus", "title": "SUSE SLES11 Security Update : rpcbind (SUSE-SU-2015:1706-2)", "description": "A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-10-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86345", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-10-29T13:35:01"}, {"id": "SUSE_SU-2015-1705-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : rpcbind (SUSE-SU-2015:1705-1)", "description": "A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-10-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86342", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-10-29T13:34:14"}, {"id": "SUSE_SU-2015-1705-2.NASL", "type": "nessus", "title": "SUSE SLED12 Security Update : rpcbind (SUSE-SU-2015:1705-2)", "description": "A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-10-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86343", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-10-29T13:44:14"}, {"id": "SUSE_SU-2015-1706-1.NASL", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : rpcbind (SUSE-SU-2015:1706-1)", "description": "A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-10-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86344", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-10-29T13:43:58"}, {"id": "DEBIAN_DSA-3366.NASL", "type": "nessus", "title": "Debian DSA-3366-1 : rpcbind - security update", "description": "A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).", "published": "2015-09-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86108", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-10-29T13:38:53"}, {"id": "CENTOS_RHSA-2016-0005.NASL", "type": "nessus", "title": "CentOS 6 / 7 : rpcbind (CESA-2016:0005)", "description": "Updated rpcbind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote attacker could possibly exploit this flaw to crash the rpcbind service by performing a series of UDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the rpcbind service is running, it will be automatically restarted after installing this update.", "published": "2016-01-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87778", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-10-29T13:37:30"}, {"id": "SOLARIS_APR2016_SRU11_3_4_5_0.NASL", "type": "nessus", "title": "Oracle Solaris Critical Patch Update : apr2016_SRU11_3_4_5_0", "description": "This Solaris system is missing necessary patches to address a critical security update :\n\n - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Utilities).\n Supported versions that are affected are 10 and 11.3.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.\n (CVE-2015-7236)", "published": "2016-04-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90619", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-10-29T13:33:58"}, {"id": "GENTOO_GLSA-201611-17.NASL", "type": "nessus", "title": "GLSA-201611-17 : RPCBind: Denial of Service", "description": "The remote host is affected by the vulnerability described in GLSA-201611-17 (RPCBind: Denial of Service)\n\n A use-after-free vulnerability was discovered in RPCBind’s svc_dodestroy function when trying to free a corrupted xprt->xp_netid pointer.\n Impact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "published": "2016-11-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=95268", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-10-29T13:43:20"}], "oraclelinux": [{"id": "ELSA-2016-0005", "type": "oraclelinux", "title": "rpcbind security update", "description": "[0.2.0-11.el6_7]\n- Fix memory corruption in PMAP_CALLIT code (bz 1283638)", "published": "2016-01-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-0005.html", "cvelist": ["CVE-2015-7236"], "lastseen": "2016-09-04T11:16:56"}], "redhat": [{"id": "RHSA-2016:0005", "type": "redhat", "title": "(RHSA-2016:0005) Moderate: rpcbind security update", "description": "The rpcbind utility is a server that converts RPC program numbers into\nuniversal addresses. It must be running on the host to be able to make RPC\ncalls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP\nconnections was discovered in rpcbind. A remote attacker could possibly\nexploit this flaw to crash the rpcbind service by performing a series of\nUDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If the rpcbind service\nis running, it will be automatically restarted after installing this\nupdate.\n", "published": "2016-01-07T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0005", "cvelist": ["CVE-2015-7236"], "lastseen": "2018-04-15T14:25:47"}], "openvas": [{"id": "OPENVAS:1361412562310806707", "type": "openvas", "title": "Fedora Update for rpcbind FEDORA-2015-9", "description": "Check the version of rpcbind", "published": "2015-11-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806707", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-07-25T10:53:53"}, {"id": "OPENVAS:703366", "type": "openvas", "title": "Debian Security Advisory DSA 3366-1 (rpcbind - security update)", "description": "A remotely triggerable use-after-free vulnerability was found in\nrpcbind, a server that converts RPC program numbers into universal\naddresses. A remote attacker can take advantage of this flaw to mount a\ndenial of service (rpcbind crash).", "published": "2015-09-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703366", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-07-24T12:53:29"}, {"id": "OPENVAS:1361412562310130008", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0383", "description": "Mageia Linux Local Security Checks mgasa-2015-0383", "published": "2015-10-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130008", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-07-24T12:53:55"}, {"id": "OPENVAS:1361412562310842473", "type": "openvas", "title": "Ubuntu Update for rpcbind USN-2756-1", "description": "Check the version of rpcbind", "published": "2015-10-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842473", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-12-04T11:24:30"}, {"id": "OPENVAS:1361412562310120649", "type": "openvas", "title": "Amazon Linux Local Check: alas-2016-659", "description": "Amazon Linux Local Security Checks", "published": "2016-03-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120649", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-07-24T12:54:37"}, {"id": "OPENVAS:1361412562310122813", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0005", "description": "Oracle Linux Local Security Checks ELSA-2016-0005", "published": "2016-01-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122813", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-07-24T12:55:17"}, {"id": "OPENVAS:1361412562310882364", "type": "openvas", "title": "CentOS Update for rpcbind CESA-2016:0005 centos7 ", "description": "Check the version of rpcbind", "published": "2016-01-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882364", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-07-25T10:55:09"}, {"id": "OPENVAS:1361412562310882367", "type": "openvas", "title": "CentOS Update for rpcbind CESA-2016:0005 centos6 ", "description": "Check the version of rpcbind", "published": "2016-01-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882367", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-07-25T10:54:03"}, {"id": "OPENVAS:1361412562310871537", "type": "openvas", "title": "RedHat Update for rpcbind RHSA-2016:0005-01", "description": "Check the version of rpcbind", "published": "2016-01-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871537", "cvelist": ["CVE-2015-7236"], "lastseen": "2017-07-27T10:54:18"}, {"id": "OPENVAS:1361412562310703366", "type": "openvas", "title": "Debian Security Advisory DSA 3366-1 (rpcbind - security update)", "description": "A remotely triggerable use-after-free vulnerability was found in\nrpcbind, a server that converts RPC program numbers into universal\naddresses. A remote attacker can take advantage of this flaw to mount a\ndenial of service (rpcbind crash).", "published": "2015-09-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703366", "cvelist": ["CVE-2015-7236"], "lastseen": "2018-04-06T11:28:14"}], "gentoo": [{"id": "GLSA-201611-17", "type": "gentoo", "title": "RPCBind: Denial of Service", "description": "### Background\n\nThe RPCBind utility is a server that converts RPC program numbers into universal addresses. \n\n### Description\n\nA use-after-free vulnerability was discovered in RPCBind\u2019s svc_dodestroy function when trying to free a corrupted xprt->xp_netid pointer. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll RPCBind users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-nds/rpcbind-0.2.3-r1\"", "published": "2016-11-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201611-17", "cvelist": ["CVE-2015-7236"], "lastseen": "2016-11-22T12:55:27"}], "debian": [{"id": "DSA-3366", "type": "debian", "title": "rpcbind -- security update", "description": "A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).\n\nFor the oldstable distribution (wheezy), this problem has been fixed in version 0.2.0-8+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in version 0.2.1-6+deb8u1.\n\nWe recommend that you upgrade your rpcbind packages.", "published": "2015-09-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3366", "cvelist": ["CVE-2015-7236"], "lastseen": "2016-09-02T18:35:17"}, {"id": "DLA-311", "type": "debian", "title": "rpcbind -- LTS security update", "description": "A use-after-free vulnerability in rpcbind causing remotely triggerable crash was found. Rpcbind crashes in svc_dodestroy when trying to free a corrupted xprt->xp_netid pointer, which contains a sockaddr_in.", "published": "2015-09-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/2015/dla-311", "cvelist": ["CVE-2015-7236"], "lastseen": "2016-09-02T12:56:30"}], "archlinux": [{"id": "ASA-201509-10", "type": "archlinux", "title": "rpcbind: denial of service", "description": "A use-after-free vulnerability has been found in rpcbind, leading to\nmemory corruption then crash in the svc_dodestroy() function while\ntrying to free a corrupted xprt->xp_netid pointer.", "published": "2015-09-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html", "cvelist": ["CVE-2015-7236"], "lastseen": "2016-09-02T18:44:41"}], "ubuntu": [{"id": "USN-2756-1", "type": "ubuntu", "title": "rpcbind vulnerability", "description": "It was discovered that rpcbind incorrectly handled certain memory structures. A remote attacker could use this issue to cause rpcbind to crash, resulting in a denial of service, or possibly execute arbitrary code.", "published": "2015-09-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2756-1/", "cvelist": ["CVE-2015-7236"], "lastseen": "2018-03-29T18:19:06"}], "oracle": [{"id": "ORACLE:CPUAPR2016V3-2985753", "type": "oracle", "title": "cpuapr2016v3", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 136 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n** Please note that on March 23, 2016, Oracle released [Security Alert for Java SE for CVE-2016-0636](<http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html>). Customers of affected Oracle product(s) are strongly advised to apply the fixes that were announced for CVE-2016-0636. **\n\nPlease also note that the vulnerabilities in this Critical Patch Update are scored using versions 3.0 and 2.0 of Common Vulnerability Scoring Standard (CVSS). Future Critical Patch Updates and Security Alerts will be scored using CVSS version 3.0 only.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "published": "2016-04-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2015-4000", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0681", "CVE-2016-0641", "CVE-2014-3566", "CVE-2016-3436", "CVE-2011-4461", "CVE-2016-0697", "CVE-2015-1793", "CVE-2015-7236", "CVE-2015-3197", "CVE-2016-3457", "CVE-2016-3417", "CVE-2016-3441", "CVE-2016-3426", "CVE-2016-0699", "CVE-2016-0407", "CVE-2016-0623", "CVE-2016-0705", "CVE-2016-3423", "CVE-2013-4786", "CVE-2016-3418", "CVE-2016-0695", "CVE-2015-7181", "CVE-2015-1789", "CVE-2015-1794", "CVE-2016-3427", "CVE-2016-0682", "CVE-2016-2047", "CVE-2015-3195", "CVE-2016-0798", "CVE-2016-0677", "CVE-2014-3576", "CVE-2016-0649", "CVE-2016-0698", "CVE-2016-3462", "CVE-2016-0639", "CVE-2016-0696", "CVE-2016-0669", "CVE-2016-0692", "CVE-2016-0799", "CVE-2016-0694", "CVE-2016-3449", "CVE-2016-0469", "CVE-2016-0662", "CVE-2016-0680", "CVE-2016-0678", "CVE-2015-3194", "CVE-2015-7501", "CVE-2015-3253", "CVE-2016-3463", "CVE-2016-0646", "CVE-2016-3420", "CVE-2016-3422", "CVE-2016-3416", "CVE-2016-0674", "CVE-2016-0668", "CVE-2016-3431", "CVE-2015-3238", "CVE-2016-0797", "CVE-2015-7182", "CVE-2016-0702", "CVE-2015-2808", "CVE-2016-3419", "CVE-2015-7575", "CVE-2016-3456", "CVE-2014-2532", "CVE-2016-0679", "CVE-2016-0685", "CVE-2015-3196", "CVE-2016-0666", "CVE-2015-2721", "CVE-2015-3193", "CVE-2016-0479", "CVE-2016-0659", "CVE-2016-0636", "CVE-2016-0643", "CVE-2016-3454", "CVE-2016-0672", "CVE-2016-0642", "CVE-2016-3428", "CVE-2016-3443", "CVE-2016-3460", "CVE-2016-0675", "CVE-2016-0687", "CVE-2016-0652", "CVE-2016-0640", "CVE-2016-0700", "CVE-2015-7183", "CVE-2016-0638", "CVE-2016-0408", "CVE-2016-3442", "CVE-2016-0651", "CVE-2016-3461", "CVE-2016-0673", "CVE-2016-3447", "CVE-2016-0690", "CVE-2016-0665", "CVE-2016-0800", "CVE-2016-0655", "CVE-2016-0657", "CVE-2016-0684", "CVE-2016-3425", "CVE-2016-0468", "CVE-2013-2566", "CVE-2016-3464", "CVE-2015-1790", "CVE-2016-0691", "CVE-2016-3438", "CVE-2016-0686", "CVE-2016-3435", "CVE-2016-3434", "CVE-2016-0654", "CVE-2016-3455", "CVE-2016-3421", "CVE-2016-3465", "CVE-2016-3439", "CVE-2016-3429", "CVE-2016-0658", "CVE-2016-0650", "CVE-2016-0644", "CVE-2016-3437", "CVE-2016-0676", "CVE-2016-0656", "CVE-2016-0667", "CVE-2016-0683", "CVE-2016-0653", "CVE-2016-0671", "CVE-2016-0661", "CVE-2016-3466", "CVE-2016-0693", "CVE-2015-7547", "CVE-2015-4923", "CVE-2016-0688", "CVE-2016-0689", "CVE-2016-0663"], "lastseen": "2018-04-18T20:23:56"}]}}