ID CVE-2013-1950
Summary The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:libtirpc:0.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libtirpc:0.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libtirpc:0.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libtirpc:0.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libtirpc:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libtirpc:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libtirpc:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libtirpc:0.2.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-10-2013 - 15:18)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 948378
title CVE-2013-1950 libtirpc: invalid pointer free leads to rpcbind daemon crash
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment libtirpc is earlier than 0:0.2.1-6.el6_4
        oval oval:com.redhat.rhsa:tst:20130884005
      • comment libtirpc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171991008
    • AND
      • comment libtirpc-devel is earlier than 0:0.2.1-6.el6_4
        oval oval:com.redhat.rhsa:tst:20130884007
      • comment libtirpc-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171991006
rhsa
id RHSA-2013:0884
released 2013-05-30
severity Moderate
title RHSA-2013:0884: libtirpc security update (Moderate)
rpms
  • libtirpc-0:0.2.1-6.el6_4
  • libtirpc-devel-0:0.2.1-6.el6_4
refmap via4
confirm
Last major update 11-10-2013 - 15:18
Published 09-07-2013 - 17:55