|
Message-ID: <CAO5O-EL6qGatYRnqwb_aBc3x-hOTeZvZar0OQU4OU2dk45jctQ@mail.gmail.com> Date: Thu, 4 May 2017 16:12:01 +0200 From: Guido Vranken <guidovranken@...il.com> To: oss-security@...ts.openwall.com Subject: Re: rpcbomb: remote rpcbind denial-of-service Salvatore Bonaccorso of Debian was so kind to request a CVE. It is: CVE-2017-8779 On Wed, May 3, 2017 at 8:55 PM, Guido Vranken <guidovranken@...il.com> wrote: > This vulnerability allows an attacker to allocate any amount of bytes > (up to 4 gigabytes per attack) on a remote rpcbind host, and the > memory is never freed unless the process crashes or the administrator > halts or restarts the rpcbind service. > > Attacking a system is trivial; a single attack consists of sending a > specially crafted payload of around 60 bytes through a UDP socket. > > This can slow down the system’s operations significantly or prevent > other services (such as a web server) from spawning processes > entirely. > > An extensive write-up can be found here: > https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ > > Exploit + patches: https://github.com/guidovranken/rpcbomb/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.