The Internet: rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804

2017-05-31T18:50:34
ID H1:235016
Type hackerone
Reporter guido
Modified 2019-10-14T00:24:47

Description

Description: this allowed an attacker to easily disrupt a remote system through excessive memory consumption.

Writeup: https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/

Demonstration video: https://www.youtube.com/watch?v=b38H3oEgrQw (this video shows that the attack doesn't necessarily just crash the rpcbind process, but that the entire system can slow down severely because it has to resort to swap memory, even if overcommit is enabled. This implies scope=changed in the CVSS. But I filled out unchanged to be consistent with the official assessment.)

CVSS score: https://nvd.nist.gov/vuln/detail/CVE-2017-8779

rpcbind/libtirpc: CVE-2017-8779 http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=dd9c7cf4f8f375c6d641b760d124650c418c2ce3 (patches by me)

GLIBC: CVE-2017-8804 https://sourceware.org/bugzilla/show_bug.cgi?id=21461