CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.049 Low
Percentile: 92.7%
CentOS Errata and Security Advisory CESA-2016:0005

The rpcbind utility is a server that converts RPC program numbers into
universal addresses. It must be running on the host to be able to make RPC
calls on a server on that machine.

A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP
connections was discovered in rpcbind. A remote attacker could possibly
exploit this flaw to crash the rpcbind service by performing a series of
UDP and TCP calls. (CVE-2015-7236)

All rpcbind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. If the rpcbind service
is running, it will be automatically restarted after installing this
update.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-January/083755.html
https://lists.centos.org/pipermail/centos-announce/2016-January/083766.html

Affected packages:
rpcbind

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:0005

OS | OS Version | Architecture | Package | Affected Version | Fixed Package Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | rpcbind | < 0.2.0-11.el6_7 | rpcbind-0.2.0-11.el6_7.i686.rpm |
CentOS | 6 | x86_64 | rpcbind | < 0.2.0-11.el6_7 | rpcbind-0.2.0-11.el6_7.x86_64.rpm |
CentOS | 7 | x86_64 | rpcbind | < 0.2.0-33.el7_2 | rpcbind-0.2.0-33.el7_2.x86_64.rpm |
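
A host can be checked against the fixed versions in the table above by comparing its installed rpcbind VERSION-RELEASE the way RPM orders versions, since plain string comparison misorders values such as `9.el6` and `11.el6_7`. The following is an added example, not part of the advisory; the function names and the sample installed versions are assumptions made for illustration, and the comparison is a simplified form of RPM's algorithm that assumes no epoch and no `~` or `^` markers.

```python
import re

# First fixed VERSION-RELEASE per CentOS major release, from the advisory table.
FIXED = {"6": "0.2.0-11.el6_7", "7": "0.2.0-33.el7_2"}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings segment by segment, as RPM does.

    Simplified: '~' and '^' markers are not handled. Returns -1, 0 or 1.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_vulnerable(installed_vr: str, centos_major: str) -> bool:
    """True if installed_vr (VERSION-RELEASE, no epoch) is older than the fix."""
    inst_ver, inst_rel = installed_vr.rsplit("-", 1)
    fix_ver, fix_rel = FIXED[centos_major].rsplit("-", 1)
    return (rpmvercmp(inst_ver, fix_ver) or rpmvercmp(inst_rel, fix_rel)) < 0


if __name__ == "__main__":
    # Constructed sample values, in the form printed by:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' rpcbind
    samples = [("6", "0.2.0-9.el6"), ("6", "0.2.0-11.el6_7"), ("7", "0.2.0-26.el7")]
    for major, vr in samples:
        print(major, vr, "VULNERABLE" if is_vulnerable(vr, major) else "fixed")
```
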