Published: 01/10/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and previous versions allows remote malicious users to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rpcbind project rpcbind
canonical ubuntu linux 12.04
debian debian linux 7.0
canonical ubuntu linux 14.04
canonical ubuntu linux 15.04
oracle solaris 11.3
oracle solaris 10

Synopsis Moderate: rpcbind security update Type/Severity Security Advisory: Moderate Topic Updated rpcbind packages that fix one security issue are now available forRed Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Moderate securityimpact A Common Vulnerability Scori ...

Debian Bug report logs - #799307 rpcbind: CVE-2015-7236: remote triggerable use-after-free in rpcbind Package: src:rpcbind; Maintainer for src:rpcbind is Josue Ortega <josue@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 17 Sep 2015 18:18:01 UTC Severity: grave Tags: patch, security, up ...

rpcbind could be made to crash or run programs if it received specially crafted network traffic ...

A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls ...

NVD-CWE-Other http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://security.gentoo.org/glsa/201611-17 http://www.spinics.net/lists/linux-nfs/msg53045.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172152.html http://www.openwall.com/lists/oss-security/2015/09/17/6 http://www.ubuntu.com/usn/USN-2756-1 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.openwall.com/lists/oss-security/2015/09/17/1 http://www.securityfocus.com/bid/76771 http://www.securitytracker.com/id/1033673 https://security.FreeBSD.org/advisories/FreeBSD-SA-15:24.rpcbind.asc http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171030.html http://www.debian.org/security/2015/dsa-3366 https://access.redhat.com/errata/RHSA-2016:0005 https://usn.ubuntu.com/2756-1/https://nvd.nist.gov

CVE-2015-7236

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect