CentOS Local Security Checks : CentOS Update for libtirpc CESA-2017:1263 centos7

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882717

Categoría: CentOS Local Security Checks

Título: CentOS Update for libtirpc CESA-2017:1263 centos7

Resumen: Check the version of libtirpc

Descripción: Summary:
Check the version of libtirpc

Vulnerability Insight:
The libtirpc packages contain SunLib's
implementation of transport-independent remote procedure call (TI-RPC)
documentation, which includes a library required by programs in the
nfs-utils and rpcbind packages.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a
memory leak can occur when parsing specially crafted XDR messages. An
attacker sending thousands of messages to rpcbind could cause its memory
usage to grow without bound, eventually causing it to be terminated by the
OOM killer. (CVE-2017-8779)

Affected Software/OS:
libtirpc on CentOS 7

Solution:
Please Install the Updated Packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-8779
BugTraq ID: 98325
http://www.securityfocus.com/bid/98325
Debian Security Information: DSA-3845 (Google Search)
http://www.debian.org/security/2017/dsa-3845
https://www.exploit-db.com/exploits/41974/
https://security.gentoo.org/glsa/201706-07
http://openwall.com/lists/oss-security/2017/05/03/12
http://openwall.com/lists/oss-security/2017/05/04/1
https://github.com/drbothen/GO-RPCBOMB
https://github.com/guidovranken/rpcbomb/
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
RedHat Security Advisories: RHBA-2017:1497
https://access.redhat.com/errata/RHBA-2017:1497
RedHat Security Advisories: RHSA-2017:1262
https://access.redhat.com/errata/RHSA-2017:1262
RedHat Security Advisories: RHSA-2017:1263
https://access.redhat.com/errata/RHSA-2017:1263
RedHat Security Advisories: RHSA-2017:1267
https://access.redhat.com/errata/RHSA-2017:1267
RedHat Security Advisories: RHSA-2017:1268
https://access.redhat.com/errata/RHSA-2017:1268
RedHat Security Advisories: RHSA-2017:1395
https://access.redhat.com/errata/RHSA-2017:1395
http://www.securitytracker.com/id/1038532
https://usn.ubuntu.com/3759-1/
https://usn.ubuntu.com/3759-2/

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882717
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libtirpc CESA-2017:1263 centos7
Resumen:	Check the version of libtirpc
Descripción:	Summary: Check the version of libtirpc Vulnerability Insight: The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Affected Software/OS: libtirpc on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8779 BugTraq ID: 98325 http://www.securityfocus.com/bid/98325 Debian Security Information: DSA-3845 (Google Search) http://www.debian.org/security/2017/dsa-3845 https://www.exploit-db.com/exploits/41974/ https://security.gentoo.org/glsa/201706-07 http://openwall.com/lists/oss-security/2017/05/03/12 http://openwall.com/lists/oss-security/2017/05/04/1 https://github.com/drbothen/GO-RPCBOMB https://github.com/guidovranken/rpcbomb/ https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ RedHat Security Advisories: RHBA-2017:1497 https://access.redhat.com/errata/RHBA-2017:1497 RedHat Security Advisories: RHSA-2017:1262 https://access.redhat.com/errata/RHSA-2017:1262 RedHat Security Advisories: RHSA-2017:1263 https://access.redhat.com/errata/RHSA-2017:1263 RedHat Security Advisories: RHSA-2017:1267 https://access.redhat.com/errata/RHSA-2017:1267 RedHat Security Advisories: RHSA-2017:1268 https://access.redhat.com/errata/RHSA-2017:1268 RedHat Security Advisories: RHSA-2017:1395 https://access.redhat.com/errata/RHSA-2017:1395 http://www.securitytracker.com/id/1038532 https://usn.ubuntu.com/3759-1/ https://usn.ubuntu.com/3759-2/
Copyright	Copyright (C) 2017 Greenbone AG