(Oracle Issues Fix for Oracle Linux) Rpcbind Memory Leak in rpcb_service_4() Lets Remote Users Consume Excessive Memory Resources
|
SecurityTracker Alert ID: 1038550 |
SecurityTracker URL: http://securitytracker.com/id/1038550
|
CVE Reference:
CVE-2017-8779
|
Date: May 24 2017
|
Impact:
Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
|
Description:
A vulnerability was reported in Rpcbind. A remote user can consume excessive memory on the target system.
By sending a large number of specially crafted XDR messages, a remote user can trigger a memory leak in rpcb_service_4() and exhaust memory on the target system.
The vulnerability resides in the libntirpc component.
The original advisory and demonstration exploit are available at:
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Guido Vranken reported this vulnerability.
|
Impact:
A remote user can consume excessive memory resources on the target system.
|
Solution:
Oracle has issued a fix.
The Oracle Linux advisory is available at:
http://linux.oracle.com/errata/ELSA-2017-1267.html
|
Vendor URL: linux.oracle.com/errata/ELSA-2017-1267.html
|
Cause:
Resource error
|
Underlying OS: Linux (Oracle)
|
Underlying OS Comments: 6
|
Source Message Contents
|
Subject: [El-errata] ELSA-2017-1267 Important: Oracle Linux 6 rpcbind security update
|
Oracle Linux Security Advisory ELSA-2017-1267
http://linux.oracle.com/errata/ELSA-2017-1267.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
rpcbind-0.2.0-13.el6_9.i686.rpm
x86_64:
rpcbind-0.2.0-13.el6_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/rpcbind-0.2.0-13.el6_9.src.rpm
Description of changes:
[0.2.0-13_9]
- Fix for CVE-2017-8779 (bz 1449461)
|
|
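To confirm that an Oracle Linux 6 host carries the fixed build named in ELSA-2017-1267, compare the installed rpcbind package label against `rpcbind-0.2.0-13.el6_9`. The following is an added example, not part of the advisory or Oracle's tooling; it assumes the label comes from `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' rpcbind`, uses a simplified form of rpm's segment comparison (no epoch, `~` or `^` handling), and the sample labels other than the fixed build are constructed.

```python
import re

# Fixed build for Oracle Linux 6, taken from ELSA-2017-1267.
FIXED_VERSION, FIXED_RELEASE = "0.2.0", "13.el6_9"

def _segments(label):
    # rpm compares maximal runs of digits or letters; other characters only separate.
    return re.findall(r"[0-9]+|[A-Za-z]+", label)

def rpm_label_cmp(a, b):
    """Return -1, 0 or 1 using rpm-style segment comparison (simplified)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            x, y = int(x), int(y)       # numeric segments compare as integers
        elif xd != yd:
            return 1 if xd else -1      # a numeric segment is newer than an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the label with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(nvr):
    """'rpcbind-0.2.0-13.el6_9' -> ('rpcbind', '0.2.0', '13.el6_9')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_patched(nvr):
    """True if the rpcbind build is at or above the ELSA-2017-1267 fix (OL6 only)."""
    name, version, release = split_nvr(nvr)
    if name != "rpcbind":
        raise ValueError("not an rpcbind package: " + nvr)
    result = rpm_label_cmp(version, FIXED_VERSION)
    if result == 0:
        result = rpm_label_cmp(release, FIXED_RELEASE)
    return result >= 0

if __name__ == "__main__":
    # Constructed inventory; only the second label appears in the advisory.
    for nvr in ["rpcbind-0.2.0-13.el6", "rpcbind-0.2.0-13.el6_9",
                "rpcbind-0.2.0-13.el6_10", "rpcbind-0.2.0-12.el6"]:
        print(nvr, "patched" if is_patched(nvr) else "NEEDS UPDATE")
```

The `13.el6_10` case is why a plain string comparison is not enough: it sorts before `13.el6_9` lexically but is the newer build.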