GLSA-201706-07 : Libtirpc and RPCBind: Denial of Service
High Nessus Plugin ID 100650
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201706-07 (Libtirpc and RPCBind: Denial of Service).
It was found that due to the way RPCBind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages.
A remote attacker could send thousands of messages to RPCBind, possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
Solution
All RPCBind users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-nds/rpcbind-0.2.4-r1'
All Libtirpc users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-libs/libtirpc-1.0.1-r1'