ID CESA-2016:0005 Type centos Reporter CentOS Project Modified 2016-01-07T22:29:35
Description
CentOS Errata and Security Advisory CESA-2016:0005
The rpcbind utility is a server that converts RPC program numbers into
universal addresses. It must be running on the host to be able to make RPC
calls on a server on that machine.
A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP
connections was discovered in rpcbind. A remote attacker could possibly
exploit this flaw to crash the rpcbind service by performing a series of
UDP and TCP calls. (CVE-2015-7236)
All rpcbind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. If the rpcbind service
is running, it will be automatically restarted after installing this
update.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2016-January/021593.html
http://lists.centos.org/pipermail/centos-announce/2016-January/021604.html
{"bulletinFamily": "unix", "affectedPackage": [{"OS": "CentOS", "packageVersion": "0.2.0-33.el7_2", "packageFilename": "rpcbind-0.2.0-33.el7_2.src.rpm", "packageName": "rpcbind", "operator": "lt", "arch": "any", "OSVersion": "7"}, {"OS": "CentOS", "packageVersion": "0.2.0-11.el6_7", "packageFilename": "rpcbind-0.2.0-11.el6_7.x86_64.rpm", "packageName": "rpcbind", "operator": "lt", "arch": "x86_64", "OSVersion": "6"}, {"OS": "CentOS", "packageVersion": "0.2.0-11.el6_7", "packageFilename": "rpcbind-0.2.0-11.el6_7.src.rpm", "packageName": "rpcbind", "operator": "lt", "arch": "any", "OSVersion": "6"}, {"OS": "CentOS", "packageVersion": "0.2.0-11.el6_7", "packageFilename": "rpcbind-0.2.0-11.el6_7.i686.rpm", "packageName": "rpcbind", "operator": "lt", "arch": "i686", "OSVersion": "6"}, {"OS": "CentOS", "packageVersion": "0.2.0-33.el7_2", "packageFilename": "rpcbind-0.2.0-33.el7_2.x86_64.rpm", "packageName": "rpcbind", "operator": "lt", "arch": "x86_64", "OSVersion": "7"}], "viewCount": 1, "reporter": "CentOS Project", "references": ["https://rhn.redhat.com/errata/RHSA-2016-0005.html"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0005\n\n\nThe rpcbind utility is a server that converts RPC program numbers into\nuniversal addresses. It must be running on the host to be able to make RPC\ncalls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP\nconnections was discovered in rpcbind. A remote attacker could possibly\nexploit this flaw to crash the rpcbind service by performing a series of\nUDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If the rpcbind service\nis running, it will be automatically restarted after installing this\nupdate.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/021593.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/021604.html\n\n**Affected packages:**\nrpcbind\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0005.html", "hashmap": [{"key": "affectedPackage", "hash": "ca004799779dbfd4121c63b41f975aca"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "4aaf3bb116b6d1ef45df10ddf536ed8c"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "143c4830de3b2449d757ad227c6cd066"}, {"key": "href", "hash": "dcd96f3d899ac3a7c030c4f10f3eb9c9"}, {"key": "modified", "hash": "d04abdb73b3a74f3bcbede7e099c56b6"}, {"key": "published", "hash": "5a288083a2f1ab46a0f3a405a6987c16"}, {"key": "references", "hash": "7dc90e728abf1232a2660881ea68d8c9"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "title", "hash": "06bd63e2169b8c7788ad077d1ad7b291"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}], "href": "http://lists.centos.org/pipermail/centos-announce/2016-January/021593.html", "modified": "2016-01-07T22:29:35", "objectVersion": "1.3", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "id": "CESA-2016:0005", "title": "rpcbind security update", "hash": "7a1cd9b4f7a37ef6c041a391429898a0e90c69c933ad72693be97e0e4841d6a1", "edition": 1, "published": "2016-01-07T22:08:03", "type": "centos", "history": [], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvelist": ["CVE-2015-7236"], "lastseen": "2017-10-03T18:25:46"}
{"cve": [{"lastseen": "2017-07-01T10:43:34", "references": ["http://www.openwall.com/lists/oss-security/2015/09/17/6", "http://www.debian.org/security/2015/dsa-3366", "http://www.openwall.com/lists/oss-security/2015/09/17/1", "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "https://security.FreeBSD.org/advisories/FreeBSD-SA-15:24.rpcbind.asc", "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172152.html", "http://www.spinics.net/lists/linux-nfs/msg53045.html", "http://www.ubuntu.com/usn/USN-2756-1", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "http://www.securityfocus.com/bid/76771", "http://www.securitytracker.com/id/1033673", "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171030.html", "https://security.gentoo.org/glsa/201611-17"], "edition": 3, "description": "Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.", "reporter": "NVD", "published": "2015-10-01T16:59:04", "title": "CVE-2015-7236", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-7236"], "scanner": [], "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/a:oracle:solaris_operating_system:11.3", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/a:oracle:solaris_operating_system:10", "cpe:/a:rpcbind_project:rpcbind:0.2.1", "cpe:/o:debian:debian_linux:7.0"], "modified": "2017-06-30T21:29:20", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7236", "id": "CVE-2015-7236", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2016-11-05T05:25:20", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "reporter": "f5", "published": "2016-11-04T00:00:00", "type": "f5", "title": "SOL44340019 - rpcbind use-after-free vulnerability CVE-2015-7236", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-7236"], "modified": "2016-11-04T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/44/sol44340019.html", "id": "SOL44340019", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:26", "references": [], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.1| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "reporter": "f5", "published": "2016-11-05T04:25:00", "type": "f5", "title": "rpcbind use-after-free vulnerability CVE-2015-7236 ", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-7236"], "modified": "2016-11-05T04:25:00", "href": "https://support.f5.com/csp/article/K44340019", "id": "F5:K44340019", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "amazon": [{"lastseen": "2016-09-28T21:04:11", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.0-11.8", "arch": "i686", "packageFilename": "rpcbind-debuginfo-0.2.0-11.8.amzn1.i686", "packageName": "rpcbind-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.0-11.8", "arch": "x86_64", "packageFilename": "rpcbind-0.2.0-11.8.amzn1.x86_64", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.0-11.8", "arch": "src", "packageFilename": "rpcbind-0.2.0-11.8.amzn1.src", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.0-11.8", "arch": "i686", "packageFilename": "rpcbind-0.2.0-11.8.amzn1.i686", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.0-11.8", "arch": "x86_64", "packageFilename": "rpcbind-debuginfo-0.2.0-11.8.amzn1.x86_64", "packageName": "rpcbind-debuginfo", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls.\n\n \n**Affected Packages:** \n\n\nrpcbind\n\n \n**Issue Correction:** \nRun _yum update rpcbind_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n rpcbind-0.2.0-11.8.amzn1.i686 \n rpcbind-debuginfo-0.2.0-11.8.amzn1.i686 \n \n src: \n rpcbind-0.2.0-11.8.amzn1.src \n \n x86_64: \n rpcbind-debuginfo-0.2.0-11.8.amzn1.x86_64 \n rpcbind-0.2.0-11.8.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2016-03-10T16:30:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "amazon", "title": "Medium: rpcbind", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7236"], "modified": "2016-03-10T16:30:00", "id": "ALAS-2016-659", "href": "https://alas.aws.amazon.com/ALAS-2016-659.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:12", "references": [], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.2_5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "eq"}], "description": "\nProblem Description:\nIn rpcbind(8), netbuf structures are copied directly,\n\twhich would result in two netbuf structures that reference\n\tto one shared address buffer. When one of the two netbuf\n\tstructures is freed, access to the other netbuf structure\n\twould result in an undefined result that may crash the\n\trpcbind(8) daemon.\nImpact:\nA remote attacker who can send specifically crafted\n\tpackets to the rpcbind(8) daemon can cause it to crash,\n\tresulting in a denial of service condition.\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-09-29T00:00:00", "title": "FreeBSD -- rpcbind(8) remote denial of service [REVISED]", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-7236"], "modified": "2015-09-29T00:00:00", "id": "0E5D6969-600A-11E6-A6C3-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/0e5d6969-600a-11e6-a6c3-14dae9d210b8.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-02T00:05:02", "references": ["https://getupdates.oracle.com/readme/152265-01"], "pluginID": "108255", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Utilities). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.", "edition": 3, "reporter": "Tenable", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 152265-01", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2018-03-12T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_152265-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=108255", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108255);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/03/12 17:45:06\");\n\n script_cve_id(\"CVE-2015-7236\");\n\n script_name(english:\"Solaris 10 (x86) : 152265-01\");\n script_summary(english:\"Check for patch 152265-01\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 152265-01\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Utilities). Supported versions that are affected\nare 10 and 11.3. Easily exploitable vulnerability allows\nunauthenticated attacker with network access via RPC to compromise\nSolaris. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of Solaris.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/152265-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 152265-01\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"152265-01\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWcsu\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:13", "references": ["https://alas.aws.amazon.com/ALAS-2016-659.html"], "pluginID": "89840", "description": "A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls.", "edition": 6, "reporter": "Tenable", "published": "2016-03-11T00:00:00", "title": "Amazon Linux AMI : rpcbind (ALAS-2016-659)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:rpcbind", "p-cpe:/a:amazon:linux:rpcbind-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-659.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89840", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-659.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89840);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-7236\");\n script_xref(name:\"ALAS\", value:\"2016-659\");\n\n script_name(english:\"Amazon Linux AMI : rpcbind (ALAS-2016-659)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP\nconnections was discovered in rpcbind. A remote, unauthenticated\nattacker could possibly exploit this flaw to crash the rpcbind service\n(denial of service) by performing a series of UDP and TCP calls.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-659.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update rpcbind' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpcbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpcbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"rpcbind-0.2.0-11.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpcbind-debuginfo-0.2.0-11.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpcbind / rpcbind-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:53", "references": ["https://security.gentoo.org/glsa/201611-17"], "pluginID": "95268", "description": "The remote host is affected by the vulnerability described in GLSA-201611-17 (RPCBind: Denial of Service)\n\n A use-after-free vulnerability was discovered in RPCBind’s svc_dodestroy function when trying to free a corrupted xprt->xp_netid pointer.\n Impact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2016-11-23T00:00:00", "title": "GLSA-201611-17 : RPCBind: Denial of Service", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2016-11-23T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:rpcbind"], "id": "GENTOO_GLSA-201611-17.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=95268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201611-17.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95268);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2016/11/23 14:38:51 $\");\n\n script_cve_id(\"CVE-2015-7236\");\n script_xref(name:\"GLSA\", value:\"201611-17\");\n\n script_name(english:\"GLSA-201611-17 : RPCBind: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201611-17\n(RPCBind: Denial of Service)\n\n A use-after-free vulnerability was discovered in RPCBind’s\n svc_dodestroy function when trying to free a corrupted xprt->xp_netid\n pointer.\n \nImpact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201611-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All RPCBind users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-nds/rpcbind-0.2.3-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rpcbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-nds/rpcbind\", unaffected:make_list(\"ge 0.2.3-r1\"), vulnerable:make_list(\"lt 0.2.3-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RPCBind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:44:25", "references": ["http://www.nessus.org/u?b9e708b7", "http://www.nessus.org/u?b15ac654"], "pluginID": "87778", "description": "Updated rpcbind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote attacker could possibly exploit this flaw to crash the rpcbind service by performing a series of UDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the rpcbind service is running, it will be automatically restarted after installing this update.", "edition": 8, "reporter": "Tenable", "published": "2016-01-08T00:00:00", "title": "CentOS 6 / 7 : rpcbind (CESA-2016:0005)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2018-07-03T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:rpcbind"], "id": "CENTOS_RHSA-2016-0005.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87778", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0005 and \n# CentOS Errata and Security Advisory 2016:0005 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87778);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/07/03 15:35:24\");\n\n script_cve_id(\"CVE-2015-7236\");\n script_xref(name:\"RHSA\", value:\"2016:0005\");\n\n script_name(english:\"CentOS 6 / 7 : rpcbind (CESA-2016:0005)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpcbind packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rpcbind utility is a server that converts RPC program numbers into\nuniversal addresses. It must be running on the host to be able to make\nRPC calls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP\nconnections was discovered in rpcbind. A remote attacker could\npossibly exploit this flaw to crash the rpcbind service by performing\na series of UDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. If the rpcbind\nservice is running, it will be automatically restarted after\ninstalling this update.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-January/021593.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9e708b7\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-January/021604.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b15ac654\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rpcbind package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpcbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpcbind-0.2.0-11.el6_7\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rpcbind-0.2.0-33.el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:37", "references": ["https://support.oracle.com/rs?type=doc&id=2123591.1", "http://www.nessus.org/u?855180af", "http://www.nessus.org/u?2142a932"], "pluginID": "90619", "description": "This Solaris system is missing necessary patches to address a critical security update :\n\n - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Utilities).\n Supported versions that are affected are 10 and 11.3.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.\n (CVE-2015-7236)", "edition": 6, "reporter": "Tenable", "published": "2016-04-21T00:00:00", "title": "Oracle Solaris Critical Patch Update : apr2016_SRU11_3_4_5_0", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2016-12-21T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.3"], "id": "SOLARIS_APR2016_SRU11_3_4_5_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for apr2016.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90619);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/12/21 14:22:37 $\");\n\n script_cve_id(\"CVE-2015-7236\");\n\n script_name(english:\"Oracle Solaris Critical Patch Update : apr2016_SRU11_3_4_5_0\");\n script_summary(english:\"Check for the apr2016 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch from CPU\napr2016.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Solaris system is missing necessary patches to address a critical\nsecurity update :\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: Utilities).\n Supported versions that are affected are 10 and 11.3.\n Easily exploitable vulnerability allows unauthenticated\n attacker with network access via RPC to compromise\n Solaris. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of Solaris.\n (CVE-2015-7236)\"\n );\n # http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2948264.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2142a932\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?855180af\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/rs?type=doc&id=2123591.1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the apr2016 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"0.5.11-0.175.3.4.0.5.0\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.3.4.0.5.0\", sru:\"11.3.4.5.0\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report2());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:05:44", "references": ["https://bugzilla.suse.com/946204", "http://www.nessus.org/u?4d97f810", "https://bugzilla.suse.com/940191", "https://www.suse.com/security/cve/CVE-2015-7236.html"], "pluginID": "86343", "description": "A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2015-10-12T00:00:00", "title": "SUSE SLED12 Security Update : rpcbind (SUSE-SU-2015:1705-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2018-08-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:rpcbind", "p-cpe:/a:novell:suse_linux:rpcbind-debugsource", "p-cpe:/a:novell:suse_linux:rpcbind-debuginfo"], "id": "SUSE_SU-2015-1705-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1705-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86343);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/08/02 16:41:58\");\n\n script_cve_id(\"CVE-2015-7236\");\n\n script_name(english:\"SUSE SLED12 Security Update : rpcbind (SUSE-SU-2015:1705-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free security bug in rpcbind was fixed which could lead to\na remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/940191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/946204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7236.html\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151705-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d97f810\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-659=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpcbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpcbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpcbind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"rpcbind-0.2.1_rc4-13.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"rpcbind-debuginfo-0.2.1_rc4-13.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"rpcbind-debugsource-0.2.1_rc4-13.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpcbind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:52", "references": ["https://bugzilla.suse.com/946204", "https://bugzilla.suse.com/940191", "http://www.nessus.org/u?fa6a1a4b", "https://www.suse.com/security/cve/CVE-2015-7236.html"], "pluginID": "86344", "description": "A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2015-10-12T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : rpcbind (SUSE-SU-2015:1706-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2018-08-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rpcbind", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1706-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86344", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1706-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86344);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/08/02 16:41:58\");\n\n script_cve_id(\"CVE-2015-7236\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : rpcbind (SUSE-SU-2015:1706-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free security bug in rpcbind was fixed which could lead to\na remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/940191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/946204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7236.html\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151706-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa6a1a4b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-rpcbind-12123=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-rpcbind-12123=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-rpcbind-12123=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-rpcbind-12123=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-rpcbind-12123=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-rpcbind-12123=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-rpcbind-12123=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpcbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"rpcbind-0.1.6+git20080930-6.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"rpcbind-0.1.6+git20080930-6.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"rpcbind-0.1.6+git20080930-6.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"rpcbind-0.1.6+git20080930-6.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"rpcbind-0.1.6+git20080930-6.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"rpcbind-0.1.6+git20080930-6.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"rpcbind-0.1.6+git20080930-6.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpcbind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:04", "references": ["https://bugzilla.suse.com/946204", "https://bugzilla.suse.com/940191", "https://www.suse.com/security/cve/CVE-2015-7236.html", "http://www.nessus.org/u?1efcd32c"], "pluginID": "86342", "description": "A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2015-10-12T00:00:00", "title": "SUSE SLES12 Security Update : rpcbind (SUSE-SU-2015:1705-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2018-08-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:rpcbind", "p-cpe:/a:novell:suse_linux:rpcbind-debugsource", "p-cpe:/a:novell:suse_linux:rpcbind-debuginfo"], "id": "SUSE_SU-2015-1705-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86342", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1705-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86342);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/08/02 16:41:58\");\n\n script_cve_id(\"CVE-2015-7236\");\n\n script_name(english:\"SUSE SLES12 Security Update : rpcbind (SUSE-SU-2015:1705-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free security bug in rpcbind was fixed which could lead to\na remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/940191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/946204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7236.html\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151705-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1efcd32c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-659=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpcbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpcbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpcbind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpcbind-0.2.1_rc4-13.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpcbind-debuginfo-0.2.1_rc4-13.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpcbind-debugsource-0.2.1_rc4-13.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpcbind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:42", "references": ["https://bugzilla.suse.com/946204", "http://www.nessus.org/u?103211ad", "https://bugzilla.suse.com/940191", "https://www.suse.com/security/cve/CVE-2015-7236.html"], "pluginID": "86345", "description": "A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2015-10-12T00:00:00", "title": "SUSE SLES11 Security Update : rpcbind (SUSE-SU-2015:1706-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2018-08-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rpcbind", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1706-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86345", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1706-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86345);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/08/02 16:41:58\");\n\n script_cve_id(\"CVE-2015-7236\");\n\n script_name(english:\"SUSE SLES11 Security Update : rpcbind (SUSE-SU-2015:1706-2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free security bug in rpcbind was fixed which could lead to\na remote denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/940191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/946204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7236.html\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151706-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?103211ad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-rpcbind-12123=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-rpcbind-12123=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpcbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"rpcbind-0.1.6+git20080930-6.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"rpcbind-0.1.6+git20080930-6.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpcbind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:48:54", "references": ["https://packages.debian.org/source/jessie/rpcbind", "http://www.debian.org/security/2015/dsa-3366", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799307", "https://packages.debian.org/source/wheezy/rpcbind"], "pluginID": "86108", "description": "A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).", "edition": 5, "reporter": "Tenable", "published": "2015-09-24T00:00:00", "title": "Debian DSA-3366-1 : rpcbind - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2016-10-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:rpcbind"], "id": "DEBIAN_DSA-3366.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86108", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3366. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86108);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/10 14:05:03 $\");\n\n script_cve_id(\"CVE-2015-7236\");\n script_xref(name:\"DSA\", value:\"3366\");\n\n script_name(english:\"Debian DSA-3366-1 : rpcbind - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A remotely triggerable use-after-free vulnerability was found in\nrpcbind, a server that converts RPC program numbers into universal\naddresses. A remote attacker can take advantage of this flaw to mount\na denial of service (rpcbind crash).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/rpcbind\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/rpcbind\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3366\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rpcbind packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 0.2.0-8+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.2.1-6+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rpcbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"rpcbind\", reference:\"0.2.0-8+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"rpcbind\", reference:\"0.2.1-6+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:53:29", "references": ["http://www.debian.org/security/2015/dsa-3366.html"], "pluginID": "703366", "description": "A remotely triggerable use-after-free vulnerability was found in\nrpcbind, a server that converts RPC program numbers into universal\naddresses. A remote attacker can take advantage of this flaw to mount a\ndenial of service (rpcbind crash).", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-09-23T00:00:00", "title": "Debian Security Advisory DSA 3366-1 (rpcbind - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703366", "id": "OPENVAS:703366", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3366.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3366-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703366);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-7236\");\n script_name(\"Debian Security Advisory DSA 3366-1 (rpcbind - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-23 00:00:00 +0200 (Wed, 23 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3366.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"rpcbind on Debian Linux\");\n script_tag(name: \"insight\", value: \"The rpcbind utility is a server that converts RPC program numbers\ninto universal addresses.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.2.0-8+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.2.1-6+deb8u1.\n\nWe recommend that you upgrade your rpcbind packages.\");\n script_tag(name: \"summary\", value: \"A remotely triggerable use-after-free vulnerability was found in\nrpcbind, a server that converts RPC program numbers into universal\naddresses. A remote attacker can take advantage of this flaw to mount a\ndenial of service (rpcbind crash).\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rpcbind\", ver:\"0.2.0-8+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpcbind\", ver:\"0.2.1-6+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:03", "references": ["2756-1", "http://www.ubuntu.com/usn/usn-2756-1/"], "pluginID": "1361412562310842473", "description": "Check the version of rpcbind", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-01T00:00:00", "title": "Ubuntu Update for rpcbind USN-2756-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310842473", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842473", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for rpcbind USN-2756-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842473\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-01 07:13:14 +0200 (Thu, 01 Oct 2015)\");\n script_cve_id(\"CVE-2015-7236\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for rpcbind USN-2756-1\");\n script_tag(name:\"summary\", value:\"Check the version of rpcbind\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that rpcbind incorrectly\nhandled certain memory structures. A remote attacker could use this issue to cause\nrpcbind to crash, resulting in a denial of service, or possibly execute arbitrary\ncode.\");\n script_tag(name:\"affected\", value:\"rpcbind on Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2756-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2756-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rpcbind\", ver:\"0.2.1-6ubuntu3.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rpcbind\", ver:\"0.2.1-2ubuntu2.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rpcbind\", ver:\"0.2.0-7ubuntu1.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:22", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172152.html", "2015-9"], "pluginID": "1361412562310806707", "description": "Check the version of rpcbind", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-11-20T00:00:00", "title": "Fedora Update for rpcbind FEDORA-2015-9", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310806707", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806707", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rpcbind FEDORA-2015-9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806707\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:19:18 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2015-7236\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rpcbind FEDORA-2015-9\");\n script_tag(name: \"summary\", value: \"Check the version of rpcbind\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The rpcbind utility is a server that\nconverts RPC program numbers into universal addresses. It must be running on the\nhost to be able to make RPC calls on a server on that machine.\n\");\n script_tag(name: \"affected\", value: \"rpcbind on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-9\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172152.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpcbind\", rpm:\"rpcbind~0.2.3~0.3.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:15", "references": ["https://advisories.mageia.org/MGASA-2015-0383.html"], "pluginID": "1361412562310130008", "description": "Mageia Linux Local Security Checks mgasa-2015-0383", "edition": 4, "reporter": "Eero Volotinen", "published": "2015-10-15T00:00:00", "title": "Mageia Linux Local Check: mgasa-2015-0383", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Mageia Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310130008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130008", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2015-0383.nasl 6563 2017-07-06 12:23:47Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.130008\");\nscript_version(\"$Revision: 6563 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-15 10:41:27 +0300 (Thu, 15 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:23:47 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2015-0383\");\nscript_tag(name: \"insight\", value: \"Updated rpcbind package fixes security vulnerability: A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash) (CVE-2015-7236).\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2015-0383.html\");\nscript_cve_id(\"CVE-2015-7236\");\nscript_tag(name:\"cvss_base\", value:\"5.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2015-0383\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"rpcbind\", rpm:\"rpcbind~0.2.2~1.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:19", "references": ["https://alas.aws.amazon.com/ALAS-2016-659.html"], "pluginID": "1361412562310120649", "description": "Amazon Linux Local Security Checks", "edition": 4, "reporter": "Eero Volotinen", "published": "2016-03-11T00:00:00", "title": "Amazon Linux Local Check: alas-2016-659", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310120649", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120649", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2016-659.nasl 6574 2017-07-06 13:41:26Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# OpenVAS and security consultance available from openvas@solinor.com\n# see https://solinor.fi/openvas-en/ for more information\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120649\");\nscript_version(\"$Revision: 6574 $\");\nscript_tag(name:\"creation_date\", value:\"2016-03-11 07:09:12 +0200 (Fri, 11 Mar 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:41:26 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: alas-2016-659\");\nscript_tag(name: \"insight\", value: \"A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls.\"); \nscript_tag(name : \"solution\", value : \"Run yum update rpcbind to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2016-659.html\");\nscript_cve_id(\"CVE-2015-7236\");\nscript_tag(name:\"cvss_base\", value:\"5.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"rpcbind\", rpm:\"rpcbind~0.2.0~11.8.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"rpcbind-debuginfo\", rpm:\"rpcbind-debuginfo~0.2.0~11.8.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:48:16", "references": ["http://linux.oracle.com/errata/ELSA-2016-0005.html"], "pluginID": "1361412562310122813", "description": "Oracle Linux Local Security Checks ELSA-2016-0005", "edition": 4, "reporter": "Eero Volotinen", "published": "2016-01-08T00:00:00", "title": "Oracle Linux Local Check: ELSA-2016-0005", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310122813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122813", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2016-0005.nasl 6552 2017-07-06 11:49:41Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.122813\");\nscript_version(\"$Revision: 6552 $\");\nscript_tag(name:\"creation_date\", value:\"2016-01-08 07:47:18 +0200 (Fri, 08 Jan 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:49:41 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2016-0005\");\nscript_tag(name: \"insight\", value: \"ELSA-2016-0005 - rpcbind security update - [0.2.0-11.el6_7]- Fix memory corruption in PMAP_CALLIT code (bz 1283638)\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2016-0005\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2016-0005.html\");\nscript_cve_id(\"CVE-2015-7236\");\nscript_tag(name:\"cvss_base\", value:\"5.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"rpcbind\", rpm:\"rpcbind~0.2.0~33.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"rpcbind\", rpm:\"rpcbind~0.2.0~11.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:48:04", "references": ["2016:0005", "http://lists.centos.org/pipermail/centos-announce/2016-January/021604.html"], "pluginID": "1361412562310882364", "description": "Check the version of rpcbind", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-08T00:00:00", "title": "CentOS Update for rpcbind CESA-2016:0005 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for rpcbind CESA-2016:0005 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882364\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:31:07 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-7236\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for rpcbind CESA-2016:0005 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of rpcbind\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The rpcbind utility is a server that\nconverts RPC program numbers into universal addresses. It must be running on the\nhost to be able to make RPC calls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP\nconnections was discovered in rpcbind. A remote attacker could possibly\nexploit this flaw to crash the rpcbind service by performing a series of\nUDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If the rpcbind service\nis running, it will be automatically restarted after installing this\nupdate.\n\");\n script_tag(name: \"affected\", value: \"rpcbind on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:0005\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-January/021604.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpcbind\", rpm:\"rpcbind~0.2.0~33.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:30", "references": ["http://www.debian.org/security/2015/dsa-3366.html"], "pluginID": "1361412562310703366", "description": "A remotely triggerable use-after-free vulnerability was found in\nrpcbind, a server that converts RPC program numbers into universal\naddresses. A remote attacker can take advantage of this flaw to mount a\ndenial of service (rpcbind crash).", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-09-23T00:00:00", "title": "Debian Security Advisory DSA 3366-1 (rpcbind - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703366", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3366.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3366-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703366\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-7236\");\n script_name(\"Debian Security Advisory DSA 3366-1 (rpcbind - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-23 00:00:00 +0200 (Wed, 23 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3366.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"rpcbind on Debian Linux\");\n script_tag(name: \"insight\", value: \"The rpcbind utility is a server that converts RPC program numbers\ninto universal addresses.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.2.0-8+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.2.1-6+deb8u1.\n\nWe recommend that you upgrade your rpcbind packages.\");\n script_tag(name: \"summary\", value: \"A remotely triggerable use-after-free vulnerability was found in\nrpcbind, a server that converts RPC program numbers into universal\naddresses. A remote attacker can take advantage of this flaw to mount a\ndenial of service (rpcbind crash).\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rpcbind\", ver:\"0.2.0-8+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpcbind\", ver:\"0.2.1-6+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:34", "references": ["https://www.redhat.com/archives/rhsa-announce/2016-January/msg00002.html", "2016:0005-01"], "pluginID": "1361412562310871537", "description": "Check the version of rpcbind", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-08T00:00:00", "title": "RedHat Update for rpcbind RHSA-2016:0005-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871537", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for rpcbind RHSA-2016:0005-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871537\");\n script_version(\"$Revision: 6690 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:51:07 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:30:15 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-7236\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for rpcbind RHSA-2016:0005-01\");\n script_tag(name: \"summary\", value: \"Check the version of rpcbind\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The rpcbind utility is a server that converts\nRPC program numbers into universal addresses. It must be running on the host to be\nable to make RPC calls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP\nconnections was discovered in rpcbind. A remote attacker could possibly\nexploit this flaw to crash the rpcbind service by performing a series of\nUDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If the rpcbind service\nis running, it will be automatically restarted after installing this\nupdate.\n\");\n script_tag(name: \"affected\", value: \"rpcbind on Red Hat Enterprise Linux\nDesktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"RHSA\", value: \"2016:0005-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2016-January/msg00002.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpcbind\", rpm:\"rpcbind~0.2.0~33.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpcbind-debuginfo\", rpm:\"rpcbind-debuginfo~0.2.0~33.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpcbind\", rpm:\"rpcbind~0.2.0~11.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpcbind-debuginfo\", rpm:\"rpcbind-debuginfo~0.2.0~11.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:40", "references": ["2016:0005", "http://lists.centos.org/pipermail/centos-announce/2016-January/021593.html"], "pluginID": "1361412562310882367", "description": "Check the version of rpcbind", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-08T00:00:00", "title": "CentOS Update for rpcbind CESA-2016:0005 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7236"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882367", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882367", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for rpcbind CESA-2016:0005 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882367\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:31:17 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-7236\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for rpcbind CESA-2016:0005 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of rpcbind\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The rpcbind utility is a server that\nconverts RPC program numbers into universal addresses. It must be running on\nthe host to be able to make RPC calls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP\nconnections was discovered in rpcbind. A remote attacker could possibly\nexploit this flaw to crash the rpcbind service by performing a series of\nUDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If the rpcbind service\nis running, it will be automatically restarted after installing this\nupdate.\n\");\n script_tag(name: \"affected\", value: \"rpcbind on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:0005\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-January/021593.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpcbind\", rpm:\"rpcbind~0.2.0~11.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:44:25", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.2.0-33.el7_2", "arch": "src", "packageFilename": "rpcbind-0.2.0-33.el7_2.src.rpm", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "src", "packageFilename": "rpcbind-0.2.0-11.el6_7.src.rpm", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "src", "packageFilename": "rpcbind-0.2.0-11.el6_7.src.rpm", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "x86_64", "packageFilename": "rpcbind-0.2.0-11.el6_7.x86_64.rpm", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "i686", "packageFilename": "rpcbind-0.2.0-11.el6_7.i686.rpm", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.2.0-33.el7_2", "arch": "x86_64", "packageFilename": "rpcbind-0.2.0-33.el7_2.x86_64.rpm", "packageName": "rpcbind", "operator": "lt"}], "description": "[0.2.0-11.el6_7]\n- Fix memory corruption in PMAP_CALLIT code (bz 1283638)", "edition": 3, "reporter": "Oracle", "published": "2016-01-07T00:00:00", "title": "rpcbind security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-7236"], "modified": "2016-01-07T00:00:00", "id": "ELSA-2016-0005", "href": "http://linux.oracle.com/errata/ELSA-2016-0005.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32521"], "description": "User-after-free conditions.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-05T00:00:00", "title": "rpcbind use-after-free", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "rpcbind", "version": "0.2", "operator": "eq"}], "cvelist": ["CVE-2015-7236"], "modified": "2015-10-05T00:00:00", "id": "SECURITYVULNS:VULN:14701", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14701", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:01", "references": [], "description": "\r\n\r\n=============================================================================\r\nFreeBSD-SA-15:24.rpcbind Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: rpcbind(8) remote denial of service\r\n\r\nCategory: core\r\nModule: rpcbind\r\nAnnounced: 2015-09-29\r\nAffects: All supported versions of FreeBSD.\r\nCorrected: 2015-09-29 18:06:27 UTC (stable/10, 10.2-STABLE)\r\n 2015-09-29 18:07:18 UTC (releng/10.2, 10.2-RELEASE-p4)\r\n 2015-09-29 18:07:18 UTC (releng/10.1, 10.1-RELEASE-p21)\r\n 2015-09-29 18:06:27 UTC (stable/9, 9.3-STABLE)\r\n 2015-09-29 18:07:18 UTC (releng/9.3, 9.3-RELEASE-p27)\r\nCVE Name: CVE-2015-7236\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit <URL:https://security.FreeBSD.org/>.\r\n\r\nI. Background\r\n\r\nSun RPC is a remote procedure call framework which allows clients to invoke\r\nprocedures in a server process over a network transparently.\r\n\r\nThe rpcbind(8) utility is a server that converts RPC program numbers into\r\nuniversal addresses. It must be running on the host to be able to make RPC\r\ncalls on a server on that machine.\r\n\r\nThe Sun RPC framework uses a netbuf structure to represent the transport\r\nspecific form of a universal transport address. The structure is expected\r\nto be opaque to consumers. In the current implementation, the structure\r\ncontains a pointer to a buffer that holds the actual address.\r\n\r\nII. Problem Description\r\n\r\nIn rpcbind(8), netbuf structures are copied directly, which would result in\r\ntwo netbuf structures that reference to one shared address buffer. When one\r\nof the two netbuf structures is freed, access to the other netbuf structure\r\nwould result in an undefined result that may crash the rpcbind(8) daemon.\r\n\r\nIII. Impact\r\n\r\nA remote attacker who can send specifically crafted packets to the rpcbind(8)\r\ndaemon can cause it to crash, resulting in a denial of service condition.\r\n\r\nIV. Workaround\r\n\r\nNo workaround is available, but systems that do not provide the rpcbind(8)\r\nservice to untrusted systems, or do not provide any RPC services are not\r\nvulnerable. On FreeBSD, typical RPC based services includes NIS and NFS.\r\n\r\nAlternatively, rpcbind(8) can be configured to bind on specific IP\r\naddress(es) by using the '-h' option. This may be used to reduce the attack\r\nvector when the system has multiple network interfaces and when some of them\r\nwould face an untrusted network.\r\n\r\nV. Solution\r\n\r\nPerform one of the following:\r\n\r\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\r\nrelease / security branch (releng) dated after the correction date.\r\n\r\nRestart the applicable daemons, or reboot the system. Because rpcbind(8)\r\nis an essential service to all RPC service daemons, these daemons may also\r\nneed to be restarted.\r\n\r\n2) To update your vulnerable system via a binary patch:\r\n\r\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\r\nplatforms can be updated via the freebsd-update(8) utility:\r\n\r\n# freebsd-update fetch\r\n# freebsd-update install\r\n\r\nRestart the applicable daemons, or reboot the system. Because rpcbind(8)\r\nis an essential service to all RPC service daemons, these daemons may also\r\nneed to be restarted.\r\n\r\n3) To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to the applicable\r\nFreeBSD release branches.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n# fetch https://security.FreeBSD.org/patches/SA-15:24/rpcbind.patch\r\n# fetch https://security.FreeBSD.org/patches/SA-15:24/rpcbind.patch.asc\r\n# gpg --verify rpcbind.patch.asc\r\n\r\nb) Apply the patch. Execute the following commands as root:\r\n\r\n# cd /usr/src\r\n# patch < /path/to/patch\r\n\r\nc) Recompile the operating system using buildworld and installworld as\r\ndescribed in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.\r\n\r\nRestart the applicable daemons, or reboot the system.\r\n\r\nVI. Correction details\r\n\r\nThe following list contains the correction revision numbers for each\r\naffected branch.\r\n\r\nBranch/path Revision\r\n-------------------------------------------------------------------------\r\nstable/9/ r288384\r\nreleng/9.3/ r288385\r\nstable/10/ r288384\r\nreleng/10.1/ r288385\r\nreleng/10.2/ r288385\r\n-------------------------------------------------------------------------\r\n\r\nTo see which files were modified by a particular revision, run the\r\nfollowing command, replacing NNNNNN with the revision number, on a\r\nmachine with Subversion installed:\r\n\r\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\r\n\r\nOr visit the following URL, replacing NNNNNN with the revision number:\r\n\r\n<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>\r\n\r\nVII. References\r\n\r\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7236>\r\n\r\n<URL:https://bugzilla.suse.com/show_bug.cgi?id=946204>\r\n\r\nThe latest revision of this advisory is available at\r\n<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:24.rpcbind.asc>\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-10-05T00:00:00", "title": "FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:01", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-7236"], "modified": "2015-10-05T00:00:00", "id": "SECURITYVULNS:DOC:32521", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32521", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-06T18:05:52", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "i686", "packageName": "rpcbind-debuginfo", "packageFilename": "rpcbind-debuginfo-0.2.0-11.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "src", "packageName": "rpcbind", "packageFilename": "rpcbind-0.2.0-11.el6_7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "x86_64", "packageName": "rpcbind-debuginfo", "packageFilename": "rpcbind-debuginfo-0.2.0-11.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "x86_64", "packageName": "rpcbind", "packageFilename": "rpcbind-0.2.0-11.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "i686", "packageName": "rpcbind", "packageFilename": "rpcbind-0.2.0-11.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "ppc64", "packageName": "rpcbind-debuginfo", "packageFilename": "rpcbind-debuginfo-0.2.0-11.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "ppc64", "packageName": "rpcbind", "packageFilename": "rpcbind-0.2.0-11.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "s390x", "packageName": "rpcbind-debuginfo", "packageFilename": "rpcbind-debuginfo-0.2.0-11.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.0-11.el6_7", "arch": "s390x", "packageName": "rpcbind", "packageFilename": "rpcbind-0.2.0-11.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.0-33.el7_2", "arch": "x86_64", "packageName": "rpcbind-debuginfo", "packageFilename": "rpcbind-debuginfo-0.2.0-33.el7_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.0-33.el7_2", "arch": "x86_64", "packageName": "rpcbind", "packageFilename": "rpcbind-0.2.0-33.el7_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.0-33.el7_2", "arch": "ppc64", "packageName": "rpcbind-debuginfo", "packageFilename": "rpcbind-debuginfo-0.2.0-33.el7_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.0-33.el7_2", "arch": "ppc64", "packageName": "rpcbind", "packageFilename": "rpcbind-0.2.0-33.el7_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.0-33.el7_2", "arch": "s390x", "packageName": "rpcbind-debuginfo", "packageFilename": "rpcbind-debuginfo-0.2.0-33.el7_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.0-33.el7_2", "arch": "s390x", "packageName": "rpcbind", "packageFilename": "rpcbind-0.2.0-33.el7_2.s390x.rpm", "operator": "lt"}], "description": "The rpcbind utility is a server that converts RPC program numbers into\nuniversal addresses. It must be running on the host to be able to make RPC\ncalls on a server on that machine.\n\nA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP\nconnections was discovered in rpcbind. A remote attacker could possibly\nexploit this flaw to crash the rpcbind service by performing a series of\nUDP and TCP calls. (CVE-2015-7236)\n\nAll rpcbind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If the rpcbind service\nis running, it will be automatically restarted after installing this\nupdate.\n", "reporter": "RedHat", "published": "2016-01-07T05:00:00", "type": "redhat", "title": "(RHSA-2016:0005) Moderate: rpcbind security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-7236"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:37", "id": "RHSA-2016:0005", "href": "https://access.redhat.com/errata/RHSA-2016:0005", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-11-22T12:55:27", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7236", "https://bugs.gentoo.org/show_bug.cgi?id=560990"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.2.3-r1", "arch": "all", "packageName": "net-nds/rpcbind", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "### Background\n\nThe RPCBind utility is a server that converts RPC program numbers into universal addresses. \n\n### Description\n\nA use-after-free vulnerability was discovered in RPCBind\u2019s svc_dodestroy function when trying to free a corrupted xprt->xp_netid pointer. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll RPCBind users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-nds/rpcbind-0.2.3-r1\"", "reporter": "Gentoo Foundation", "published": "2016-11-22T00:00:00", "type": "gentoo", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "RPCBind: Denial of Service", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7236"], "modified": "2016-11-22T00:00:00", "id": "GLSA-201611-17", "href": "https://security.gentoo.org/glsa/201611-17", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:35:17", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.2.1-6+deb8u1", "packageFilename": "rpcbind_0.2.1-6+deb8u1_all.deb", "packageName": "rpcbind", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "0.2.0-8+deb7u1", "packageFilename": "rpcbind_0.2.0-8+deb7u1_all.deb", "packageName": "rpcbind", "arch": "all", "operator": "lt"}], "description": "A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).\n\nFor the oldstable distribution (wheezy), this problem has been fixed in version 0.2.0-8+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in version 0.2.1-6+deb8u1.\n\nWe recommend that you upgrade your rpcbind packages.", "edition": 1, "reporter": "Debian", "published": "2015-09-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "rpcbind -- security update", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7236"], "modified": "2015-09-23T00:00:00", "id": "DSA-3366", "href": "http://www.debian.org/security/dsa-3366", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T12:56:30", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "0.2.0-4.1+deb6u1", "arch": "all", "packageFilename": "rpcbind_0.2.0-4.1+deb6u1_all.deb", "packageName": "rpcbind", "operator": "lt"}], "description": "A use-after-free vulnerability in rpcbind causing remotely triggerable crash was found. Rpcbind crashes in svc_dodestroy when trying to free a corrupted xprt->xp_netid pointer, which contains a sockaddr_in.", "edition": 1, "reporter": "Debian", "published": "2015-09-20T00:00:00", "title": "rpcbind -- LTS security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7236"], "modified": "2015-09-20T00:00:00", "id": "DLA-311", "href": "http://www.debian.org/security/2015/dla-311", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:41", "references": ["https://access.redhat.com/security/cve/CVE-2015-7236", "https://bugs.archlinux.org/task/46341", "http://seclists.org/oss-sec/2015/q3/561"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "0.2.3-2", "packageName": "rpcbind", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "A use-after-free vulnerability has been found in rpcbind, leading to\nmemory corruption then crash in the svc_dodestroy() function while\ntrying to free a corrupted xprt->xp_netid pointer.", "reporter": "Arch Linux", "published": "2015-09-25T00:00:00", "title": "rpcbind: denial of service", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7236"], "modified": "2015-09-25T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html", "id": "ASA-201509-10", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:10", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7236"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "0.2.0-7ubuntu1.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "0.2.1-6ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "rpcbind", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "0.2.1-2ubuntu2.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "rpcbind", "operator": "lt"}], "description": "It was discovered that rpcbind incorrectly handled certain memory structures. A remote attacker could use this issue to cause rpcbind to crash, resulting in a denial of service, or possibly execute arbitrary code.", "edition": 3, "reporter": "Ubuntu", "published": "2015-09-30T00:00:00", "title": "rpcbind vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-7236"], "modified": "2015-09-30T00:00:00", "id": "USN-2756-1", "href": "https://usn.ubuntu.com/2756-1/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:55", "references": [], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 136 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n** Please note that on March 23, 2016, Oracle released [Security Alert for Java SE for CVE-2016-0636](<http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html>). Customers of affected Oracle product(s) are strongly advised to apply the fixes that were announced for CVE-2016-0636. **\n\nPlease also note that the vulnerabilities in this Critical Patch Update are scored using versions 3.0 and 2.0 of Common Vulnerability Scoring Standard (CVSS). Future Critical Patch Updates and Security Alerts will be scored using CVSS version 3.0 only.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "edition": 3, "reporter": "Oracle", "published": "2016-04-19T00:00:00", "title": "cpuapr2016v3", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "MySQL Enterprise Monitor", "version": "3.0.25", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "6.5", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.5.1", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "11.1.1.8.0", "operator": "le"}, {"name": "Oracle Configurator", "version": "12.2", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "5.0.18", "operator": "le"}, {"name": "RDBMS Security", "version": "11.2.0.4", "operator": "le"}, {"name": "Solaris Cluster", "version": "4.2", "operator": "le"}, {"name": "Oracle Field Service", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Configurator", "version": "12.1", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.46", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "7u99", "operator": "le"}, {"name": "Oracle OpenSSO", "version": "3.0", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "6.0", "operator": "le"}, {"name": "Oracle Complex Maintenance, Repair, and Overhaul", "version": "12.1.1", "operator": "le"}, {"name": "DataStore", "version": "11.2.5.3.28", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.3", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "5.0.16", "operator": "le"}, {"name": "Java VM", "version": "11.2.0.4", "operator": "le"}, {"name": "Java SE", "version": "7u99", "operator": "le"}, {"name": "OSS Support Tools Oracle Explorer", "version": "8.11.16.3.8", "operator": "le"}, {"name": "RDBMS Security", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.5.2", "operator": "le"}, {"name": "Oracle Complex Maintenance, Repair, and Overhaul", "version": "12.1.2", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.1.2.0", "operator": "le"}, {"name": "SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers", "version": "1121", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.29", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "9.2", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "2.1.1", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.6", "operator": "le"}, {"name": "MySQL Server", "version": "5.7.11", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.55", "operator": "le"}, {"name": "Oracle Field Service", "version": "12.1.1", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM ePerformance", "version": "9.2", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "1.0", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.1.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "6u113", "operator": "le"}, {"name": "Oracle iPlanet Web Proxy Server", "version": "4.0", "operator": "le"}, {"name": "Oracle Field Service", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Retail MICROS C2", "version": "9.89.0.0", "operator": "le"}, {"name": "Java SE", "version": "8u77", "operator": "le"}, {"name": "Oracle OLAP", "version": "12.1.0.2", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.47", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "8.2.2", "operator": "le"}, {"name": "DataStore", "version": "12.1.6.1.26", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.1.3", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM", "version": "9.1", "operator": "le"}, {"name": "DataStore", "version": "11.2.5.1.29", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.1", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.1.1", "operator": "le"}, {"name": "Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64", "version": "2.0.0.6", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM", "version": "9.2", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.2.0.0", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "8.1.1", "operator": "le"}, {"name": "Oracle Retail MICROS ARS POS", "version": "1.5", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "8u77", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "9.1", "operator": "le"}, {"name": "Oracle API Gateway", "version": "11.1.2.4.0", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.2.2", "operator": "le"}, {"name": "Java VM", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Traffic Director", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Sun Ray Software", "version": "11.1", "operator": "le"}, {"name": "Oracle CRM Wireless", "version": "12.1.3", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.2.1", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.1.3", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.2", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.3.36", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Application Testing Suite", "version": "12.5.0.2", "operator": "le"}, {"name": "DataStore", "version": "11.2.5.0.32", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "3.1.2", "operator": "le"}, {"name": "Oracle Traffic Director", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle FLEXCUBE Direct Banking", "version": "12.0.3", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.3", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.3", "operator": "le"}, {"name": "DataStore", "version": "11.2.5.2.42", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.28", "operator": "le"}, {"name": "Oracle API Gateway", "version": "11.1.2.3.0", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u99", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "6u113", "operator": "le"}, {"name": "RDBMS Security", "version": "12.1.0.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.1.1", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.5.0", "operator": "le"}, {"name": "MySQL Server", "version": "5.7.10", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.5", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "5.0.14", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.53", "operator": "le"}, {"name": "Sun Storage Common Array Manager", "version": "6.9.0", "operator": "le"}, {"name": "DataStore", "version": "12.1.6.0.35", "operator": "le"}, {"name": "Fujitsu M10-1, M10-4, M10-4S Servers", "version": "2290", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.1.2", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "8u77", "operator": "le"}, {"name": "Oracle BI Publisher", "version": "12.2.1.0.0", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.1.3.0", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM", "version": "9.2", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "12.2.1", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Tuxedo", "version": "12.1.1.0", "operator": "le"}, {"name": "Java SE", "version": "6u113", "operator": "le"}, {"name": "Oracle iPlanet Web Server", "version": "7.0", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "2.0", "operator": "le"}, {"name": "Oracle OLAP", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "5.0", "operator": "le"}, {"name": "Oracle OLAP", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Life Sciences Data Hub", "version": "2.1", "operator": "le"}, {"name": "Java VM", "version": "12.1.0.1", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.48", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "7.0", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.1.2", "operator": "le"}, {"name": "Oracle FLEXCUBE Direct Banking", "version": "12.0.2", "operator": "le"}, {"name": "Oracle Communications User Data Repository", "version": "10.0.1", "operator": "le"}, {"name": "Oracle Complex Maintenance, Repair, and Overhaul", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "7.1", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.4", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "54", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "5.5", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.4", "operator": "le"}, {"name": "Solaris", "version": "11.3", "operator": "le"}, {"name": "Oracle Application Testing Suite", "version": "12.4.0.2", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "12.2.1.0.0", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM", "version": "9.1", "operator": "le"}], "cvelist": ["CVE-2015-4000", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0681", "CVE-2016-0641", "CVE-2014-3566", "CVE-2016-3436", "CVE-2011-4461", "CVE-2016-0697", "CVE-2015-1793", "CVE-2015-7236", "CVE-2015-3197", "CVE-2016-3457", "CVE-2016-3417", "CVE-2016-3441", "CVE-2016-3426", "CVE-2016-0699", "CVE-2016-0407", "CVE-2016-0623", "CVE-2016-0705", "CVE-2016-3423", "CVE-2013-4786", "CVE-2016-3418", "CVE-2016-0695", "CVE-2015-7181", "CVE-2015-1789", "CVE-2015-1794", "CVE-2016-3427", "CVE-2016-0682", "CVE-2016-2047", "CVE-2015-3195", "CVE-2016-0798", "CVE-2016-0677", "CVE-2014-3576", "CVE-2016-0649", "CVE-2016-0698", "CVE-2016-3462", "CVE-2016-0639", "CVE-2016-0696", "CVE-2016-0669", "CVE-2016-0692", "CVE-2016-0799", "CVE-2016-0694", "CVE-2016-3449", "CVE-2016-0469", "CVE-2016-0662", "CVE-2016-0680", "CVE-2016-0678", "CVE-2015-3194", "CVE-2015-7501", "CVE-2015-3253", "CVE-2016-3463", "CVE-2016-0646", "CVE-2016-3420", "CVE-2016-3422", "CVE-2016-3416", "CVE-2016-0674", "CVE-2016-0668", "CVE-2016-3431", "CVE-2015-3238", "CVE-2016-0797", "CVE-2015-7182", "CVE-2016-0702", "CVE-2015-2808", "CVE-2016-3419", "CVE-2015-7575", "CVE-2016-3456", "CVE-2014-2532", "CVE-2016-0679", "CVE-2016-0685", "CVE-2015-3196", "CVE-2016-0666", "CVE-2015-2721", "CVE-2015-3193", "CVE-2016-0479", "CVE-2016-0659", "CVE-2016-0636", "CVE-2016-0643", "CVE-2016-3454", "CVE-2016-0672", "CVE-2016-0642", "CVE-2016-3428", "CVE-2016-3443", "CVE-2016-3460", "CVE-2016-0675", "CVE-2016-0687", "CVE-2016-0652", "CVE-2016-0640", "CVE-2016-0700", "CVE-2015-7183", "CVE-2016-0638", "CVE-2016-0408", "CVE-2016-3442", "CVE-2016-0651", "CVE-2016-3461", "CVE-2016-0673", "CVE-2016-3447", "CVE-2016-0690", "CVE-2016-0665", "CVE-2016-0800", "CVE-2016-0655", "CVE-2016-0657", "CVE-2016-0684", "CVE-2016-3425", "CVE-2016-0468", "CVE-2013-2566", "CVE-2016-3464", "CVE-2015-1790", "CVE-2016-0691", "CVE-2016-3438", "CVE-2016-0686", "CVE-2016-3435", "CVE-2016-3434", "CVE-2016-0654", "CVE-2016-3455", "CVE-2016-3421", "CVE-2016-3465", "CVE-2016-3439", "CVE-2016-3429", "CVE-2016-0658", "CVE-2016-0650", "CVE-2016-0644", "CVE-2016-3437", "CVE-2016-0676", "CVE-2016-0656", "CVE-2016-0667", "CVE-2016-0683", "CVE-2016-0653", "CVE-2016-0671", "CVE-2016-0661", "CVE-2016-3466", "CVE-2016-0693", "CVE-2015-7547", "CVE-2015-4923", "CVE-2016-0688", "CVE-2016-0689", "CVE-2016-0663"], "modified": "2016-12-20T00:00:00", "id": "ORACLE:CPUAPR2016V3-2985753", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
