Date: Thu, 4 May 2017 16:12:01 +0200 From: Guido Vranken <guidovranken@...il.com> To: oss-security@...ts.openwall.com Subject: Re: rpcbomb: remote rpcbind denial-of-service Salvatore Bonaccorso of Debian was so kind to request a CVE. It is: CVE-2017-8779 On Wed, May 3, 2017 at 8:55 PM, Guido Vranken <guidovranken@...il.com> wrote: > This vulnerability allows an attacker to allocate any amount of bytes > (up to 4 gigabytes per attack) on a remote rpcbind host, and the > memory is never freed unless the process crashes or the administrator > halts or restarts the rpcbind service. > > Attacking a system is trivial; a single attack consists of sending a > specially crafted payload of around 60 bytes through a UDP socket. > > This can slow down the system’s operations significantly or prevent > other services (such as a web server) from spawning processes > entirely. > > An extensive write-up can be found here: > https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ > > Exploit + patches: https://github.com/guidovranken/rpcbomb/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ