CVE-2017-8779

CVE-2017-8779 affects rpcbind and its TI-RPC/libtirpc stack. The issue is an unbounded memory leak while parsing XDR strings, causing memory exhaustion and potential denial of service via crafted UDP traffic to port 111 (rpcbomb). Public advisories and vendor notes confirm the root cause in libti...

CVE-2015-7236

CVE-2015-7236 describes a use-after-free in rpcbind (xprt_set_caller in rpcb_svc_com.c) affecting rpcbind 0.2.1 and earlier. The vulnerability can be triggered by crafted PMAP_CALLIT packets over TCP/UDP, enabling a remote attacker to cause a denial-of-service (daemon crash). Connected sources do...

CVE-2010-2064

CVE-2010-2064 affects rpcbind 0.2.0; local attackers can write to arbitrary files or gain privileges via a symlink attack on /tmp/portmap.xdr and /tmp/rpcbind.xdr. Root cause: incorrect handling of symbolic links in temporary files leads to privilege/escalation risk. Exploitation details are not ...

CVE-2010-2061

The CVE-2010-2061 case concerns rpcbind 0.2.0, where the daemon mishandles validation of two transient files (/tmp/portmap.xdr and /tmp/rpcbind.xdr). The underlying issue is insufficient validation that attackers could exploit by pre-creating these files before the daemon starts, potentially infl...