Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 May 2017 16:12:01 +0200
From: Guido Vranken <guidovranken@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: rpcbomb: remote rpcbind denial-of-service

Salvatore Bonaccorso  of Debian was so kind to request a CVE. It is:
CVE-2017-8779

On Wed, May 3, 2017 at 8:55 PM, Guido Vranken <guidovranken@...il.com> wrote:
> This vulnerability allows an attacker to allocate any amount of bytes
> (up to 4 gigabytes per attack) on a remote rpcbind host, and the
> memory is never freed unless the process crashes or the administrator
> halts or restarts the rpcbind service.
>
> Attacking a system is trivial; a single attack consists of sending a
> specially crafted payload of around 60 bytes through a UDP socket.
>
> This can slow down the system’s operations significantly or prevent
> other services (such as a web server) from spawning processes
> entirely.
>
> An extensive write-up can be found here:
> https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
>
> Exploit + patches: https://github.com/guidovranken/rpcbomb/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.