exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2015-7236

Status Candidate

Overview

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.

Related Files

Gentoo Linux Security Advisory 201611-17
Posted Nov 22, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-17 - A buffer overflow in RPCBind might allow remote attackers to cause a Denial of Service. Versions less than 0.2.3-r1 are affected.

tags | advisory, remote, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2015-7236
SHA-256 | afd05a0c233637b1e7809dcbcc7edbb1b672dd4a08a6ed63f1e333c2983b0d87
Red Hat Security Advisory 2016-0005-01
Posted Jan 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0005-01 - The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote attacker could possibly exploit this flaw to crash the rpcbind service by performing a series of UDP and TCP calls. All rpcbind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the rpcbind service is running, it will be automatically restarted after installing this update.

tags | advisory, remote, udp, tcp
systems | linux, redhat
advisories | CVE-2015-7236
SHA-256 | ba77d1ef8f14f6a9cc7ef813be30ad166ae7d317dfe5cfad13ef388020ea8b53
Ubuntu Security Notice USN-2756-1
Posted Oct 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2756-1 - It was discovered that rpcbind incorrectly handled certain memory structures. A remote attacker could use this issue to cause rpcbind to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7236
SHA-256 | cdcff91e5e16c758d27403bf9780a6aff9cdbee68ff06393dc5e465dcfb25915
FreeBSD Security Advisory - rpcbind(8) Denial Of Service
Posted Sep 30, 2015
Site security.freebsd.org

FreeBSD Security Advisory - In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon. A remote attacker who can send specifically crafted packets to the rpcbind(8) daemon can cause it to crash, resulting in a denial of service condition.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2015-7236
SHA-256 | 3878ab5590562a5fd5ca50aa28fff88a0aafae68e4b7788d01ccb77fe3e7103d
Debian Security Advisory 3366-1
Posted Sep 24, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3366-1 - A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2015-7236
SHA-256 | 98be0a92a93f054d0e77b6763c292f565ae1d55068b02c508f3de091e937e53d
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close