ID CVE-2015-7236
Summary Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
References
Vulnerable Configurations
  • cpe:2.3:a:rpcbind_project:rpcbind:0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rpcbind_project:rpcbind:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:rpcbind_project:rpcbind:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:solaris_operating_system:10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:solaris_operating_system:10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:solaris_operating_system:11.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:solaris_operating_system:11.3:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 01-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1264345
title CVE-2015-7236 rpcbind: Use-after-free vulnerability in PMAP_CALLIT
oval
OR
  • AND
    • comment rpcbind is earlier than 0:0.2.0-11.el6_7
      oval oval:com.redhat.rhsa:tst:20160005005
    • comment rpcbind is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20160005006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
  • AND
    • comment rpcbind is earlier than 0:0.2.0-33.el7_2
      oval oval:com.redhat.rhsa:tst:20160005011
    • comment rpcbind is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20160005006
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
rhsa
id RHSA-2016:0005
released 2016-01-07
severity Moderate
title RHSA-2016:0005: rpcbind security update (Moderate)
rpms
  • rpcbind-0:0.2.0-11.el6_7
  • rpcbind-0:0.2.0-33.el7_2
refmap via4
bid 76771
confirm
debian DSA-3366
fedora
  • FEDORA-2015-36b145bd37
  • FEDORA-2015-9eee2fbc78
freebsd FreeBSD-SA-15:24
gentoo GLSA-201611-17
mlist
  • [linux-nfs] 20150810 [PATCH] Fix memory corruption in PMAP_CALLIT code
  • [oss-security] 20150917 CVE Request: remote triggerable use-after-free in rpcbind
  • [oss-security] 20150917 Re: CVE Request: remote triggerable use-after-free in rpcbind
sectrack 1033673
ubuntu USN-2756-1
Last major update 01-07-2017 - 01:29
Published 01-10-2015 - 20:59
Back to Top