Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 May 2017 20:55:23 +0200
From: Guido Vranken <>
Subject: rpcbomb: remote rpcbind denial-of-service

This vulnerability allows an attacker to allocate any amount of bytes
(up to 4 gigabytes per attack) on a remote rpcbind host, and the
memory is never freed unless the process crashes or the administrator
halts or restarts the rpcbind service.

Attacking a system is trivial; a single attack consists of sending a
specially crafted payload of around 60 bytes through a UDP socket.

This can slow down the system’s operations significantly or prevent
other services (such as a web server) from spawning processes

An extensive write-up can be found here:

Exploit + patches:

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ