CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

libntirpc is vulnerable to denial of service. It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
openwall.com/lists/oss-security/2017/05/03/12
openwall.com/lists/oss-security/2017/05/04/1
www.debian.org/security/2017/dsa-3845
www.securityfocus.com/bid/98325
www.securitytracker.com/id/1038532
access.redhat.com/errata/RHBA-2017:1497
access.redhat.com/errata/RHSA-2017:1262
access.redhat.com/errata/RHSA-2017:1263
access.redhat.com/errata/RHSA-2017:1267
access.redhat.com/errata/RHSA-2017:1268
access.redhat.com/errata/RHSA-2017:1395
access.redhat.com/security/cve/CVE-2017-8779
bugzilla.redhat.com/show_bug.cgi?id=1200967
bugzilla.redhat.com/show_bug.cgi?id=1265435
bugzilla.redhat.com/show_bug.cgi?id=1330023
bugzilla.redhat.com/show_bug.cgi?id=1337579
bugzilla.redhat.com/show_bug.cgi?id=1347214
bugzilla.redhat.com/show_bug.cgi?id=1351366
bugzilla.redhat.com/show_bug.cgi?id=1352638
bugzilla.redhat.com/show_bug.cgi?id=1363949
bugzilla.redhat.com/show_bug.cgi?id=1370301
bugzilla.redhat.com/show_bug.cgi?id=1370331
bugzilla.redhat.com/show_bug.cgi?id=1378294
bugzilla.redhat.com/show_bug.cgi?id=1381463
bugzilla.redhat.com/show_bug.cgi?id=1391650
bugzilla.redhat.com/show_bug.cgi?id=1391920
bugzilla.redhat.com/show_bug.cgi?id=1396956
bugzilla.redhat.com/show_bug.cgi?id=1397937
bugzilla.redhat.com/show_bug.cgi?id=1406599
bugzilla.redhat.com/show_bug.cgi?id=1406600
bugzilla.redhat.com/show_bug.cgi?id=1406867
bugzilla.redhat.com/show_bug.cgi?id=1410133
bugzilla.redhat.com/show_bug.cgi?id=1410136
bugzilla.redhat.com/show_bug.cgi?id=1410137
bugzilla.redhat.com/show_bug.cgi?id=1410142
bugzilla.redhat.com/show_bug.cgi?id=1416041
bugzilla.redhat.com/show_bug.cgi?id=1416575
bugzilla.redhat.com/show_bug.cgi?id=1418235
bugzilla.redhat.com/show_bug.cgi?id=1421819
bugzilla.redhat.com/show_bug.cgi?id=1422822
bugzilla.redhat.com/show_bug.cgi?id=1423858
bugzilla.redhat.com/show_bug.cgi?id=1423886
bugzilla.redhat.com/show_bug.cgi?id=1425115
bugzilla.redhat.com/show_bug.cgi?id=1428308
bugzilla.redhat.com/show_bug.cgi?id=1428324
bugzilla.redhat.com/show_bug.cgi?id=1428326
bugzilla.redhat.com/show_bug.cgi?id=1429374
bugzilla.redhat.com/show_bug.cgi?id=1430650
bugzilla.redhat.com/show_bug.cgi?id=1430887
bugzilla.redhat.com/show_bug.cgi?id=1431787
bugzilla.redhat.com/show_bug.cgi?id=1431833
bugzilla.redhat.com/show_bug.cgi?id=1431848
bugzilla.redhat.com/show_bug.cgi?id=1435003
bugzilla.redhat.com/show_bug.cgi?id=1436427
bugzilla.redhat.com/show_bug.cgi?id=1437579
bugzilla.redhat.com/show_bug.cgi?id=1438895
bugzilla.redhat.com/show_bug.cgi?id=1438965
bugzilla.redhat.com/show_bug.cgi?id=1439355
bugzilla.redhat.com/show_bug.cgi?id=1439880
bugzilla.redhat.com/show_bug.cgi?id=1439917
bugzilla.redhat.com/show_bug.cgi?id=1442265
bugzilla.redhat.com/show_bug.cgi?id=1443132
bugzilla.redhat.com/show_bug.cgi?id=1443150
bugzilla.redhat.com/show_bug.cgi?id=1446665
bugzilla.redhat.com/show_bug.cgi?id=1447628
bugzilla.redhat.com/show_bug.cgi?id=1448066
bugzilla.redhat.com/show_bug.cgi?id=1450274
bugzilla.redhat.com/show_bug.cgi?id=1450401
bugzilla.redhat.com/show_bug.cgi?id=1451305
bugzilla.redhat.com/show_bug.cgi?id=1454355
bugzilla.redhat.com/show_bug.cgi?id=1454942
bugzilla.redhat.com/show_bug.cgi?id=1455596
bugzilla.redhat.com/show_bug.cgi?id=1457097
bugzilla.redhat.com/show_bug.cgi?id=1458715
bugzilla.redhat.com/show_bug.cgi?id=1458734
bugzilla.redhat.com/show_bug.cgi?id=1458865
bugzilla.redhat.com/show_bug.cgi?id=1459593
bugzilla.redhat.com/show_bug.cgi?id=1459596
github.com/drbothen/GO-RPCBOMB
github.com/guidovranken/rpcbomb/
guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
security.gentoo.org/glsa/201706-07
security.netapp.com/advisory/ntap-20180109-0001/
usn.ubuntu.com/3759-1/
usn.ubuntu.com/3759-2/
www.exploit-db.com/exploits/41974/