Sicherheit: Denial of Service in rpcbind

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1381754792947336813==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="pZRO5w5jtolCrlWk0pi8jZoANhCNqDfjW"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--pZRO5w5jtolCrlWk0pi8jZoANhCNqDfjW
Content-Type: multipart/mixed;
boundary="LxRGf2Tij1zqYepZ3b2MGZN7nFVsULHtJ";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <8c97cf88-d8bf-ac5d-d81a-b10ae67f1e31@canonical.com>
Subject: [USN-4986-1] rpcbind vulnerability

--LxRGf2Tij1zqYepZ3b2MGZN7nFVsULHtJ
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4986-1
June 09, 2021

rpcbind vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

rpcbind could be made to consume resources and crash if it received
specially crafted network traffic.

Software Description:
- rpcbind: converts RPC program numbers into universal addresses

Details:

It was discovered that rpcbind incorrectly handled certain large data
sizes. A remote attacker could use this issue to cause rpcbind to consume
resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
rpcbind 0.2.3-0.6ubuntu0.18.04.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4986-1
CVE-2017-8779

Package Information:
https://launchpad.net/ubuntu/+source/rpcbind/0.2.3-0.6ubuntu0.18.04.2

--LxRGf2Tij1zqYepZ3b2MGZN7nFVsULHtJ--

--pZRO5w5jtolCrlWk0pi8jZoANhCNqDfjW
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmDApGoACgkQZWnYVadE
vpPGvg/9E7f9UIXVERsi41qQw7gNApnGcXfz9fWfh7jnGItcPwmyX4cCG+iU5IH+
mgjzDrCFzVZGrTP9uheCqlO6/VIfeie7zWOylw03tVq8H1SsY/e9/wfKvTejM7Cf
MUFvk21MswPkkIRW07+mb6Xc52IHokXXC+UhXmoja98aQw0pssOxOovWWF77Wzwp
95XLNnmdWvEI7TxGLbEBqVOa8UufRkxGQXvPpdQiIBTNITBkA8N8DkQ5lAJgQEC9
vdNXjxhFLVKlEcu3lDlr7liFCbFyC5onCQx2l/QHBsJO25ygX231tkDxU0jbaXMM
/6r4sZfYu0zmNkSylwaakyBIxKzEqsNvrfkpPjVwj11Tqg2oGenNGPy3o6Mzb3nA
A0pU2h+iuS6BIjYLkrTRG7MA3ukhRHkav4zOW9E9f2XtSK6yAAv+4IffJUZ+ON9v
1cruv6Q/sDY1WvGIZHm2DX8+D3fvoDs13nQhiPeBGvYZ5yDzRwhu+SapN7ubHE6C
5835ejfuAzIU36ikdpj5qZ55AHGuup/RNMqDuRJ1i7hq4QUztvmECz9NGFG7gdc3
bmbZoacYXTysOJAvd3dY+4hh2ssnW1mxDqu0QSX8qUU7eg3oV88Jd+w/ZilGBVNJ
7GeG2e1mjpb4zOjYcopJcYWPeyLDoAJuHY7BvQWRcnjqdh5p7Qw=
=Ewf9
-----END PGP SIGNATURE-----

--pZRO5w5jtolCrlWk0pi8jZoANhCNqDfjW--

--===============1381754792947336813==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============1381754792947336813==--