This Metasploit module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and NTIRPC, allowing an attacker to trigger large (and never freed) memory allocations for XDR strings on the target.
9cb9f42f23398bceca7a6b058d3843930866bd713221a166b211f3635a4bab18
Ubuntu Security Notice 4986-2 - USN-4986-1 fixed a vulnerability in rpcbind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Various other issues were also addressed.
32b149ed8230cc124da11b6389b252a579c710c6cb7964575dcf45329cc714ef
Ubuntu Security Notice 4986-1 - It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service.
77b52e225377f615a2e109e7f723e24881793f0b8636500930f45cef0235d2cd
Ubuntu Security Notice 3759-2 - USN-3759-1 fixed a vulnerability in libtirpc. This update provides the corresponding update for Ubuntu 12.04 ESM. Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
35536226974c7fe774b799664ae0331c21d7ef9b12b88831452d0d1946442c2f
Ubuntu Security Notice 3759-1 - Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
bb42ed420ac1a4099eb60922206da39be8999455162b87917730bf295851efff
Red Hat Security Advisory 2017-1395-01 - This package contains a new implementation of the original libtirpc, transport-independent RPC library for NFS-Ganesha. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
69097b8242e606c94f659acf6900a750c1b9ea1d20a4996a33525ffb378f843a
Gentoo Linux Security Advisory 201706-7 - A vulnerability has been found in Libtirpc and RPCBind which may allow a remote attacker to cause a Denial of Service condition. Versions less than 0.2.4-r are affected.
59624e621f93121cd0d16496963f23e5c5f677137e142ed1938abe9307040642
Red Hat Security Advisory 2017-1268-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
0007e2623162483258a522432d2bf8028209d9e4813b7b7580508a084bb149bc
Red Hat Security Advisory 2017-1267-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
be1bec16ec036a0c7830fe3c4598296e0dca514477d0acaa83c8975bede107bd
Red Hat Security Advisory 2017-1262-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
9df768ffe02abc9c9d33d36f5d1cb57af1e669c292ca02824422babbe60dd117
Red Hat Security Advisory 2017-1263-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
49d9acba01c695412d6018d26794d50acb5f77b1730e133e0169fa768d25b526
Debian Linux Security Advisory 3845-1 - Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs, may result in denial of service via memory exhaustion (depending on memory management settings).
7a8b8ee3c3a5ef9eae5d5ea439c099ab96484001aea09ca6539efce6324e98a8
RPCBind / libtirpc denial of service exploit.
d0ca6273bf34f85942ea8f97a7137b04ccf6c78c845b743af2ade8ba0a24ca25