Test ID:	1.3.6.1.4.1.25623.1.0.881743
Category:	CentOS Local Security Checks
Title:	CentOS Update for libtirpc CESA-2013:0884 centos6
Summary:	The remote host is missing an update for the 'libtirpc'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'libtirpc' package(s) announced via the referenced advisory. Vulnerability Insight: These packages provide a transport-independent RPC (remote procedure call) implementation. A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash. (CVE-2013-1950) Red Hat would like to thank Michael Armstrong for reporting this issue. Users of libtirpc should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libtirpc must be restarted for the update to take effect. Affected Software/OS: libtirpc on CentOS 6 Solution: Please install the updated packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1950 RHSA-2013:0884 http://rhn.redhat.com/errata/RHSA-2013-0884.html http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f https://bugzilla.redhat.com/show_bug.cgi?id=948378
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.