ID |
CVE-2015-7236
|
Summary |
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:rpcbind_project:rpcbind:0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rpcbind_project:rpcbind:0.1.4:*:*:*:*:*:*:*
-
cpe:2.3:a:rpcbind_project:rpcbind:0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:rpcbind_project:rpcbind:0.1.5:*:*:*:*:*:*:*
-
cpe:2.3:a:rpcbind_project:rpcbind:0.1.6:*:*:*:*:*:*:*
cpe:2.3:a:rpcbind_project:rpcbind:0.1.6:*:*:*:*:*:*:*
-
cpe:2.3:a:rpcbind_project:rpcbind:0.1.7:*:*:*:*:*:*:*
cpe:2.3:a:rpcbind_project:rpcbind:0.1.7:*:*:*:*:*:*:*
-
cpe:2.3:a:rpcbind_project:rpcbind:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rpcbind_project:rpcbind:0.2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:rpcbind_project:rpcbind:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpcbind_project:rpcbind:0.2.1:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
-
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 07-07-2021 - 14:04) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
redhat
via4
|
advisories | bugzilla | id | 1264345 | title | CVE-2015-7236 rpcbind: Use-after-free vulnerability in PMAP_CALLIT |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 6 is installed | oval | oval:com.redhat.rhba:tst:20111656003 |
comment | rpcbind is earlier than 0:0.2.0-11.el6_7 | oval | oval:com.redhat.rhsa:tst:20160005001 |
comment | rpcbind is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20160005002 |
|
AND | comment | Red Hat Enterprise Linux 7 is installed | oval | oval:com.redhat.rhba:tst:20150364027 |
comment | rpcbind is earlier than 0:0.2.0-33.el7_2 | oval | oval:com.redhat.rhsa:tst:20160005004 |
comment | rpcbind is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20160005002 |
|
|
| rhsa | id | RHSA-2016:0005 | released | 2016-01-07 | severity | Moderate | title | RHSA-2016:0005: rpcbind security update (Moderate) |
|
| rpms | - rpcbind-0:0.2.0-11.el6_7
- rpcbind-0:0.2.0-33.el7_2
- rpcbind-debuginfo-0:0.2.0-11.el6_7
- rpcbind-debuginfo-0:0.2.0-33.el7_2
|
|
refmap
via4
|
bid | 76771 | confirm | | debian | DSA-3366 | fedora | - FEDORA-2015-36b145bd37
- FEDORA-2015-9eee2fbc78
| freebsd | FreeBSD-SA-15:24 | gentoo | GLSA-201611-17 | mlist | - [linux-nfs] 20150810 [PATCH] Fix memory corruption in PMAP_CALLIT code
- [oss-security] 20150917 CVE Request: remote triggerable use-after-free in rpcbind
- [oss-security] 20150917 Re: CVE Request: remote triggerable use-after-free in rpcbind
| sectrack | 1033673 | ubuntu | USN-2756-1 |
|
Last major update |
07-07-2021 - 14:04 |
Published |
01-10-2015 - 20:59 |
Last modified |
07-07-2021 - 14:04 |