Test ID:	1.3.6.1.4.1.25623.1.0.882722
Category:	CentOS Local Security Checks
Title:	CentOS Update for rpcbind CESA-2017:1267 centos6
Summary:	Check the version of rpcbind
Description:	Summary: Check the version of rpcbind Vulnerability Insight: The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) Affected Software/OS: rpcbind on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8779 BugTraq ID: 98325 http://www.securityfocus.com/bid/98325 Debian Security Information: DSA-3845 (Google Search) http://www.debian.org/security/2017/dsa-3845 https://www.exploit-db.com/exploits/41974/ https://security.gentoo.org/glsa/201706-07 http://openwall.com/lists/oss-security/2017/05/03/12 http://openwall.com/lists/oss-security/2017/05/04/1 https://github.com/drbothen/GO-RPCBOMB https://github.com/guidovranken/rpcbomb/ https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ RedHat Security Advisories: RHBA-2017:1497 https://access.redhat.com/errata/RHBA-2017:1497 RedHat Security Advisories: RHSA-2017:1262 https://access.redhat.com/errata/RHSA-2017:1262 RedHat Security Advisories: RHSA-2017:1263 https://access.redhat.com/errata/RHSA-2017:1263 RedHat Security Advisories: RHSA-2017:1267 https://access.redhat.com/errata/RHSA-2017:1267 RedHat Security Advisories: RHSA-2017:1268 https://access.redhat.com/errata/RHSA-2017:1268 RedHat Security Advisories: RHSA-2017:1395 https://access.redhat.com/errata/RHSA-2017:1395 http://www.securitytracker.com/id/1038532 https://usn.ubuntu.com/3759-1/ https://usn.ubuntu.com/3759-2/
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.