CentOS Local Security Checks : CentOS Update for rpcbind CESA-2017:1267 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882722

Categoría: CentOS Local Security Checks

Título: CentOS Update for rpcbind CESA-2017:1267 centos6

Resumen: Check the version of rpcbind

Descripción: Summary:
Check the version of rpcbind

Vulnerability Insight:
The rpcbind utility is a server that
converts Remote Procedure Call (RPC) program numbers into universal addresses.
It must be running on the host to be able to make RPC calls on a server on that
machine. Security Fix(es): * It was found that due to the way rpcbind uses
libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR
messages. An attacker sending thousands of messages to rpcbind could cause its
memory usage to grow without bound, eventually causing it to be terminated by
the OOM killer. (CVE-2017-8779)

Affected Software/OS:
rpcbind on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-8779
BugTraq ID: 98325
http://www.securityfocus.com/bid/98325
Debian Security Information: DSA-3845 (Google Search)
http://www.debian.org/security/2017/dsa-3845
https://www.exploit-db.com/exploits/41974/
https://security.gentoo.org/glsa/201706-07
http://openwall.com/lists/oss-security/2017/05/03/12
http://openwall.com/lists/oss-security/2017/05/04/1
https://github.com/drbothen/GO-RPCBOMB
https://github.com/guidovranken/rpcbomb/
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
RedHat Security Advisories: RHBA-2017:1497
https://access.redhat.com/errata/RHBA-2017:1497
RedHat Security Advisories: RHSA-2017:1262
https://access.redhat.com/errata/RHSA-2017:1262
RedHat Security Advisories: RHSA-2017:1263
https://access.redhat.com/errata/RHSA-2017:1263
RedHat Security Advisories: RHSA-2017:1267
https://access.redhat.com/errata/RHSA-2017:1267
RedHat Security Advisories: RHSA-2017:1268
https://access.redhat.com/errata/RHSA-2017:1268
RedHat Security Advisories: RHSA-2017:1395
https://access.redhat.com/errata/RHSA-2017:1395
http://www.securitytracker.com/id/1038532
https://usn.ubuntu.com/3759-1/
https://usn.ubuntu.com/3759-2/

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882722
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for rpcbind CESA-2017:1267 centos6
Resumen:	Check the version of rpcbind
Descripción:	Summary: Check the version of rpcbind Vulnerability Insight: The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Affected Software/OS: rpcbind on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8779 BugTraq ID: 98325 http://www.securityfocus.com/bid/98325 Debian Security Information: DSA-3845 (Google Search) http://www.debian.org/security/2017/dsa-3845 https://www.exploit-db.com/exploits/41974/ https://security.gentoo.org/glsa/201706-07 http://openwall.com/lists/oss-security/2017/05/03/12 http://openwall.com/lists/oss-security/2017/05/04/1 https://github.com/drbothen/GO-RPCBOMB https://github.com/guidovranken/rpcbomb/ https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ RedHat Security Advisories: RHBA-2017:1497 https://access.redhat.com/errata/RHBA-2017:1497 RedHat Security Advisories: RHSA-2017:1262 https://access.redhat.com/errata/RHSA-2017:1262 RedHat Security Advisories: RHSA-2017:1263 https://access.redhat.com/errata/RHSA-2017:1263 RedHat Security Advisories: RHSA-2017:1267 https://access.redhat.com/errata/RHSA-2017:1267 RedHat Security Advisories: RHSA-2017:1268 https://access.redhat.com/errata/RHSA-2017:1268 RedHat Security Advisories: RHSA-2017:1395 https://access.redhat.com/errata/RHSA-2017:1395 http://www.securitytracker.com/id/1038532 https://usn.ubuntu.com/3759-1/ https://usn.ubuntu.com/3759-2/
Copyright	Copyright (C) 2017 Greenbone AG