[SECURITY] [DLA 311-1] rpcbind security update

2015-09-2014:02:31

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.049 Low

EPSS

Percentile

92.7%

JSON

Package : rpcbind
Version : 0.2.0-4.1+deb6u1
CVE ID : CVE-2015-7236

A use-after-free vulnerability in rpcbind causing remotely triggerable
crash was found. Rpcbind crashes in svc_dodestroy when trying to free a
corrupted xprt->xp_netid pointer, which contains a sockaddr_in.

OSVersionArchitecturePackageVersionFilename
Debian8kfreebsd-i386rpcbind< 0.2.1-6+deb8u1rpcbind_0.2.1-6+deb8u1_kfreebsd-i386.deb
Debian6i386rpcbind< 0.2.0-4.1+deb6u1rpcbind_0.2.0-4.1+deb6u1_i386.deb
Debian8mipselrpcbind< 0.2.1-6+deb8u1rpcbind_0.2.1-6+deb8u1_mipsel.deb
Debian7powerpcrpcbind< 0.2.0-8+deb7u1rpcbind_0.2.0-8+deb7u1_powerpc.deb
Debian8powerpcrpcbind< 0.2.1-6+deb8u1rpcbind_0.2.1-6+deb8u1_powerpc.deb
Debian8ppc64elrpcbind< 0.2.1-6+deb8u1rpcbind_0.2.1-6+deb8u1_ppc64el.deb
Debian7allrpcbind< 0.2.0-8+deb7u1rpcbind_0.2.0-8+deb7u1_all.deb
Debian7ia64rpcbind< 0.2.0-8+deb7u1rpcbind_0.2.0-8+deb7u1_ia64.deb
Debian8i386rpcbind< 0.2.1-6+deb8u1rpcbind_0.2.1-6+deb8u1_i386.deb
Debian8mipsrpcbind< 0.2.1-6+deb8u1rpcbind_0.2.1-6+deb8u1_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	kfreebsd-i386	rpcbind	< 0.2.1-6+deb8u1	rpcbind_0.2.1-6+deb8u1_kfreebsd-i386.deb
Debian	6	i386	rpcbind	< 0.2.0-4.1+deb6u1	rpcbind_0.2.0-4.1+deb6u1_i386.deb
Debian	8	mipsel	rpcbind	< 0.2.1-6+deb8u1	rpcbind_0.2.1-6+deb8u1_mipsel.deb
Debian	7	powerpc	rpcbind	< 0.2.0-8+deb7u1	rpcbind_0.2.0-8+deb7u1_powerpc.deb
Debian	8	powerpc	rpcbind	< 0.2.1-6+deb8u1	rpcbind_0.2.1-6+deb8u1_powerpc.deb
Debian	8	ppc64el	rpcbind	< 0.2.1-6+deb8u1	rpcbind_0.2.1-6+deb8u1_ppc64el.deb
Debian	7	all	rpcbind	< 0.2.0-8+deb7u1	rpcbind_0.2.0-8+deb7u1_all.deb
Debian	7	ia64	rpcbind	< 0.2.0-8+deb7u1	rpcbind_0.2.0-8+deb7u1_ia64.deb
Debian	8	i386	rpcbind	< 0.2.1-6+deb8u1	rpcbind_0.2.1-6+deb8u1_i386.deb
Debian	8	mips	rpcbind	< 0.2.1-6+deb8u1	rpcbind_0.2.1-6+deb8u1_mips.deb