Date: Wed, 3 May 2017 17:55:20 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: rpcbomb: remote rpcbind denial-of-service

On Wed, May 03, 2017 at 08:55:23PM +0200, Guido Vranken wrote:
> This vulnerability allows an attacker to allocate any amount of bytes
> (up to 4 gigabytes per attack) on a remote rpcbind host, and the
> memory is never freed unless the process crashes or the administrator
> halts or restarts the rpcbind service.
> [...]
> An extensive write-up can be found here:
> https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
> 
> Exploit + patches: https://github.com/guidovranken/rpcbomb/

Hello Guido, nice find. Have CVE numbers been requested for this issue
yet? Have you investigated if ntirpc is affected too? Much of the code
looks similar:

http://sources.debian.net/src/ntirpc/1.4.3-3/src/rpc_generic.c/#L728

Thanks
