ID CVE-2017-8779
Summary rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Vulnerable Configurations
  • RPCBind Project RPCBind 0.2.4
    cpe:2.3:a:rpcbind_project:rpcbind:0.2.4
  • libtirpc Project libtirpc 1.0.1
    cpe:2.3:a:libtirpc_project:libtirpc:1.0.1
  • cpe:2.3:a:ntirpc_project:ntirpc:1.4.3
    cpe:2.3:a:ntirpc_project:ntirpc:1.4.3
CVSS
Base: 7.8
CWE CWE-399
exploit-db via4
description RPCBind / libtirpc - Denial of Service. CVE-2017-8779. DoS exploit for Linux platform. Tags: Denial of Service (DoS)
file exploits/linux/dos/41974.rb
id EDB-ID:41974
last seen 2017-05-08
modified 2017-05-08
platform linux
port 111
published 2017-05-08
reporter Exploit-DB
source https://www.exploit-db.com/download/41974/
title RPCBind / libtirpc - Denial of Service
type dos
metasploit via4
description This module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and NTIRPC, allowing an attacker to trigger large (and never freed) memory allocations for XDR strings on the target.
id MSF:AUXILIARY/DOS/RPC/RPCBOMB
last seen 2019-03-21
modified 2017-07-24
published 2017-06-05
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/rpc/rpcbomb.rb
title RPC DoS targeting *nix rpcbind/libtirpc
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0017.NASL
    description An update of [rpcbind,libtirpc,freetype2] packages for PhotonOS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111866
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111866
    title Photon OS 1.0: Freetype2 / Libtirpc / Rpcbind PHSA-2017-0017 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1328-1.NASL
    description This update for rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP packet could lead rpcbind to remote denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100289
    published 2017-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100289
    title SUSE SLED12 / SLES12 Security Update : rpcbind (SUSE-SU-2017:1328-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1267.NASL
    description From Red Hat Security Advisory 2017:1267 : An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1435 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 100368
    published 2017-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100368
    title Oracle Linux 6 : rpcbind (ELSA-2017-1267)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0017_RPCBIND.NASL
    description An update of the rpcbind package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121697
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121697
    title Photon OS 1.0: Rpcbind PHSA-2017-0017
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1263.NASL
    description An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100318
    published 2017-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100318
    title RHEL 7 : libtirpc (RHSA-2017:1263)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1314-1.NASL
    description This update for libtirpc fixes the following issues : - CVE-2017-8779: A crafted UDP packet could lead rpcbind to denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100244
    published 2017-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100244
    title SUSE SLED12 / SLES12 Security Update : libtirpc (SUSE-SU-2017:1314-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1263.NASL
    description From Red Hat Security Advisory 2017:1263 : An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 100342
    published 2017-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100342
    title Oracle Linux 7 : libtirpc (ELSA-2017-1263)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1103.NASL
    description According to the version of the rpcbind package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 100696
    published 2017-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100696
    title EulerOS 2.0 SP2 : rpcbind (EulerOS-SA-2017-1103)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-937.NASL
    description Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings). For Debian 7 'Wheezy', these problems have been fixed in version 0.2.0-8+deb7u2. We recommend that you upgrade your rpcbind packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 100109
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100109
    title Debian DLA-937-1 : rpcbind security update
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1262.NASL
    description An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 101466
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101466
    title Virtuozzo 7 : rpcbind (VZLSA-2017-1262)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201706-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201706-07 (Libtirpc and RPCBind: Denial of Service) It was found that due to the way RPCBind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. Impact : A remote attacker could send thousands of messages to RPCBind, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 100650
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100650
    title GLSA-201706-07 : Libtirpc and RPCBind: Denial of Service
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0107.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix for CVE-2017-8779 (bz 1449461) - Soft static allocate rpc uid/gid (bz 1300533) - Fix memory corruption in PMAP_CALLIT code (bz 1186933)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 100398
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100398
    title OracleVM 3.3 / 3.4 : rpcbind (OVMSA-2017-0107)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1268.NASL
    description An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 101471
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101471
    title Virtuozzo 6 : libtirpc / libtirpc-devel (VZLSA-2017-1268)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-841.NASL
    description It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 100642
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100642
    title Amazon Linux AMI : rpcbind (ALAS-2017-841)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1268.NASL
    description An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100371
    published 2017-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100371
    title RHEL 6 : libtirpc (RHSA-2017:1268)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1336-1.NASL
    description This update for rpcbind fixes the following issues : - CVE-2017-8779: A crafted UDP packet could lead rpcbind to remote denial-of-service (bsc#1037559) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100291
    published 2017-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100291
    title SUSE SLED12 / SLES12 Security Update : rpcbind (SUSE-SU-2017:1336-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1097.NASL
    description According to the version of the libtirpc package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 100690
    published 2017-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100690
    title EulerOS 2.0 SP2 : libtirpc (EulerOS-SA-2017-1097)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170521_LIBTIRPC_ON_SL7_X.NASL
    description Security Fix(es) : - It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 100347
    published 2017-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100347
    title Scientific Linux Security Update : libtirpc on SL7.x x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-840.NASL
    description Memory leak when failing to parse XDR strings or bytearrays It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 100641
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100641
    title Amazon Linux AMI : libtirpc (ALAS-2017-840)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1262.NASL
    description From Red Hat Security Advisory 2017:1262 : An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16 June 2017] The packages distributed with this errata have a bug that can cause the rpcbind utility to terminate unexpectedly at start. RHBA-2017:1436 was released on 13 June 2017 to address this issue. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es) : * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM