ID CVE-2015-7236
Summary Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
References
Vulnerable Configurations
  • cpe:2.3:a:rpcbind_project:rpcbind:0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 07-07-2021 - 14:04)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1264345
title CVE-2015-7236 rpcbind: Use-after-free vulnerability in PMAP_CALLIT
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment rpcbind is earlier than 0:0.2.0-11.el6_7
      oval oval:com.redhat.rhsa:tst:20160005001
    • comment rpcbind is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20160005002
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • comment rpcbind is earlier than 0:0.2.0-33.el7_2
      oval oval:com.redhat.rhsa:tst:20160005004
    • comment rpcbind is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20160005002
rhsa
id RHSA-2016:0005
released 2016-01-07
severity Moderate
title RHSA-2016:0005: rpcbind security update (Moderate)
rpms
  • rpcbind-0:0.2.0-11.el6_7
  • rpcbind-0:0.2.0-33.el7_2
  • rpcbind-debuginfo-0:0.2.0-11.el6_7
  • rpcbind-debuginfo-0:0.2.0-33.el7_2
refmap via4
bid 76771
confirm
debian DSA-3366
fedora
  • FEDORA-2015-36b145bd37
  • FEDORA-2015-9eee2fbc78
freebsd FreeBSD-SA-15:24
gentoo GLSA-201611-17
mlist
  • [linux-nfs] 20150810 [PATCH] Fix memory corruption in PMAP_CALLIT code
  • [oss-security] 20150917 CVE Request: remote triggerable use-after-free in rpcbind
  • [oss-security] 20150917 Re: CVE Request: remote triggerable use-after-free in rpcbind
sectrack 1033673
ubuntu USN-2756-1
Last major update 07-07-2021 - 14:04
Published 01-10-2015 - 20:59
Last modified 07-07-2021 - 14:04
Back to Top