CentOS Local Security Checks : CentOS Update for rpcbind CESA-2016:0005 centos7

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882364

Categoría: CentOS Local Security Checks

Título: CentOS Update for rpcbind CESA-2016:0005 centos7

Resumen: Check the version of rpcbind

Descripción: Summary:
Check the version of rpcbind

Vulnerability Insight:
The rpcbind utility is a server that
converts RPC program numbers into universal addresses. It must be running on the
host to be able to make RPC calls on a server on that machine.

A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP
connections was discovered in rpcbind. A remote attacker could possibly
exploit this flaw to crash the rpcbind service by performing a series of
UDP and TCP calls. (CVE-2015-7236)

All rpcbind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. If the rpcbind service
is running, it will be automatically restarted after installing this
update.

Affected Software/OS:
rpcbind on CentOS 7

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-7236
BugTraq ID: 76771
http://www.securityfocus.com/bid/76771
Debian Security Information: DSA-3366 (Google Search)
http://www.debian.org/security/2015/dsa-3366
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171030.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172152.html
FreeBSD Security Advisory: FreeBSD-SA-15:24
https://security.FreeBSD.org/advisories/FreeBSD-SA-15:24.rpcbind.asc
https://security.gentoo.org/glsa/201611-17
http://www.spinics.net/lists/linux-nfs/msg53045.html
http://www.openwall.com/lists/oss-security/2015/09/17/1
http://www.openwall.com/lists/oss-security/2015/09/17/6
http://www.securitytracker.com/id/1033673
http://www.ubuntu.com/usn/USN-2756-1

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882364
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for rpcbind CESA-2016:0005 centos7
Resumen:	Check the version of rpcbind
Descripción:	Summary: Check the version of rpcbind Vulnerability Insight: The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote attacker could possibly exploit this flaw to crash the rpcbind service by performing a series of UDP and TCP calls. (CVE-2015-7236) All rpcbind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the rpcbind service is running, it will be automatically restarted after installing this update. Affected Software/OS: rpcbind on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7236 BugTraq ID: 76771 http://www.securityfocus.com/bid/76771 Debian Security Information: DSA-3366 (Google Search) http://www.debian.org/security/2015/dsa-3366 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171030.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172152.html FreeBSD Security Advisory: FreeBSD-SA-15:24 https://security.FreeBSD.org/advisories/FreeBSD-SA-15:24.rpcbind.asc https://security.gentoo.org/glsa/201611-17 http://www.spinics.net/lists/linux-nfs/msg53045.html http://www.openwall.com/lists/oss-security/2015/09/17/1 http://www.openwall.com/lists/oss-security/2015/09/17/6 http://www.securitytracker.com/id/1033673 http://www.ubuntu.com/usn/USN-2756-1
Copyright	Copyright (C) 2016 Greenbone AG