rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804

High
Internet Bug Bounty
Submitted None
Reported by guido

Vulnerability Details

Technical details and impact analysis

Uncontrolled Resource Consumption
Description: this allowed an attacker to easily disrupt a remote system through excessive memory consumption.

Writeup: https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/

Demonstration video: https://www.youtube.com/watch?v=b38H3oEgrQw (this video shows that the attack doesn't necessarily just crash the rpcbind process, but that the entire system can slow down severely because it has to resort to swap memory, even if overcommit is enabled. This implies scope=changed in the CVSS. But I filled out unchanged to be consistent with the official assessment.)

CVSS score: https://nvd.nist.gov/vuln/detail/CVE-2017-8779

rpcbind/libtirpc: CVE-2017-8779 http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=dd9c7cf4f8f375c6d641b760d124650c418c2ce3 (patches by me)

GLIBC: CVE-2017-8804 https://sourceware.org/bugzilla/show_bug.cgi?id=21461

Related CVEs

Associated Common Vulnerabilities and Exposures

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port …

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to …
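
The two CVE descriptions above concern memory allocated for a declared XDR string length without regard to the maximum data size, and buffers not released when deserialization fails. As an added example (not code from rpcbind, libtirpc, glibc or the linked patches), the decoder below checks the declared length against a cap and against the bytes actually received before allocating, and frees on the late failure path; `decode_xdr_string` and `EXAMPLE_MAX_STRING` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap for this example; not a constant taken from rpcbind or libtirpc. */
#define EXAMPLE_MAX_STRING 1024u

/* Read a big-endian 32-bit XDR unsigned integer. */
static uint32_t xdr_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Decode one XDR string (4-byte length, data, zero padding to a multiple of 4)
 * from buf[0..len). Returns bytes consumed, or 0 on error. On success *out is
 * a malloc'd NUL-terminated copy; on error *out is NULL and nothing is leaked.
 */
size_t decode_xdr_string(const unsigned char *buf, size_t len,
                         uint32_t max, char **out)
{
    *out = NULL;
    if (len < 4)
        return 0;
    uint32_t n = xdr_be32(buf);
    /* Reject before allocating: over the caller's cap ... */
    if (n > max)
        return 0;
    /* ... or more data claimed than the message actually carries. */
    size_t padded = ((size_t)n + 3u) & ~(size_t)3u;
    if (padded > len - 4)
        return 0;
    char *s = malloc((size_t)n + 1);
    if (s == NULL)
        return 0;
    memcpy(s, buf + 4, n);
    s[n] = '\0';
    /* Padding must be zero; free the buffer on this late failure path. */
    for (size_t i = n; i < padded; i++) {
        if (buf[4 + i] != 0) {
            free(s);
            return 0;
        }
    }
    *out = s;
    return 4 + padded;
}
```

The allocation is reached only after both length checks pass, so its size is bounded by the smaller of the cap and the received message length.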

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Uncontrolled Resource Consumption