Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2017-8779HistoryMay 04, 2017 - 2:29 p.m.
CVE-2017-8779
2017-05-0414:29:00
Debian Security Bug Tracker
security-tracker.debian.org
12
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.551 Medium
EPSS
Percentile
97.7%
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libtirpc | <ย 0.2.5-1.2 | libtirpc_0.2.5-1.2_all.deb |
| Debian | 11 | all | libtirpc | <ย 0.2.5-1.2 | libtirpc_0.2.5-1.2_all.deb |
| Debian | 999 | all | libtirpc | <ย 0.2.5-1.2 | libtirpc_0.2.5-1.2_all.deb |
| Debian | 13 | all | libtirpc | <ย 0.2.5-1.2 | libtirpc_0.2.5-1.2_all.deb |
| Debian | 12 | all | ntirpc | <ย 1.4.4-1 | ntirpc_1.4.4-1_all.deb |
| Debian | 11 | all | ntirpc | <ย 1.4.4-1 | ntirpc_1.4.4-1_all.deb |
| Debian | 999 | all | ntirpc | <ย 1.4.4-1 | ntirpc_1.4.4-1_all.deb |
| Debian | 13 | all | ntirpc | <ย 1.4.4-1 | ntirpc_1.4.4-1_all.deb |
| Debian | 12 | all | rpcbind | <ย 0.2.3-0.6 | rpcbind_0.2.3-0.6_all.deb |
| Debian | 11 | all | rpcbind | <ย 0.2.3-0.6 | rpcbind_0.2.3-0.6_all.deb |
Related
openvas
openvas
RedHat Update for libtirpc RHSA-2017:1263-01
2017-05-22 00:00:00
Huawei EulerOS: Security Advisory for rpcbind (EulerOS-SA-2020-1614)
2020-06-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1336-1)
2021-04-19 00:00:00
nessus
nessus
Debian DSA-3845-1 : libtirpc - security update
2017-05-09 00:00:00
Fedora 26 : rpcbind (2017-36cba32910)
2017-07-17 00:00:00
EulerOS 2.0 SP5 : rpcbind (EulerOS-SA-2020-1614)
2020-06-02 00:00:00
amazon
amazon
Important: rpcbind
2017-06-06 17:03:00
Important: libtirpc
2017-06-06 17:00:00
nvd
nvd
CVE-2017-8779
2017-05-04 14:29:00
CVE-2017-8804
2017-05-07 18:29:00
centos
centos
libtirpc security update
2017-05-23 15:00:44
libtirpc security update
2017-05-22 16:28:17
rpcbind security update
2017-05-22 16:28:00
ubuntu
ubuntu
rpcbind vulnerability
2021-06-09 00:00:00
rpcbind vulnerability
2021-06-09 00:00:00
libtirpc vulnerabilities
2018-09-05 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: libtirpc-1.0.1-4.rc3.fc25
2017-05-19 23:05:42
[SECURITY] Fedora 25 Update: rpcbind-0.2.4-5.rc1.fc25
2017-05-15 04:45:03
[SECURITY] Fedora 26 Update: libtirpc-1.0.1-4.rc3.fc26
2017-06-09 19:48:22
ibm
ibm
Security Bulletin: A vulnerability in libtirpc affects PowerKVM
2018-06-18 01:36:15
Security Bulletin: Vulnerability in libtirpc affects Power Hardware Management Console (CVE-2017-8779)
2021-09-23 01:45:02
Security Bulletin: A vulnerability in rpcbind affects PowerKVM
2018-06-18 01:36:15
suse
suse
Security update for libtirpc (important)
2017-05-23 21:11:32
Security update for libtirpc, rpcbind (important)
2017-05-31 21:10:59
Security update for rpcbind (important)
2017-05-18 18:09:51
redhat
redhat
(RHSA-2017:1268) Important: libtirpc security update
2017-05-23 06:04:05
(RHSA-2017:1395) Important: libntirpc security update
2017-06-06 07:45:07
(RHSA-2017:1267) Important: rpcbind security update
2017-05-23 06:03:41
archlinux
archlinux
[ASA-201705-6] lib32-libtirpc: denial of service
2017-05-07 00:00:00
[ASA-201705-4] rpcbind: denial of service
2017-05-07 00:00:00
[ASA-201705-5] libtirpc: denial of service
2017-05-07 00:00:00
osv
osv
libtirpc - security update
2017-05-10 00:00:00
rpcbind - security update
2017-05-10 00:00:00
libtirpc - security update
2017-05-08 00:00:00
mageia
mageia
Updated rpcbind/libtirpc packages fix security vulnerability
2017-06-27 00:37:03
Updated glibc packages fixes critical security vulnerabilities
2017-06-27 00:37:03
cvelist
cvelist
CVE-2017-8779
2017-05-04 14:00:00
CVE-2017-8804
2017-05-07 18:00:00
cve
cve
CVE-2017-8779
2017-05-04 14:29:00
CVE-2017-8804
2017-05-07 18:29:00
oraclelinux
oraclelinux
libtirpc security update
2017-05-22 00:00:00
rpcbind security update
2017-05-23 00:00:00
rpcbind security update
2017-05-22 00:00:00
debian
debian
[SECURITY] [DSA 3845-1] libtirpc security update
2017-05-08 20:16:33
[SECURITY] [DLA 937-1] rpcbind security update
2017-05-10 12:00:44
[SECURITY] [DLA 936-1] libtirpc security update
2017-05-10 11:58:25
slackware
slackware
[slackware-security] rpcbind
2017-07-10 22:56:01
[slackware-security] libtirpc
2017-07-10 22:54:34
checkpoint_advisories
checkpoint_advisories
Rpcbind XDR Parsing Memory Exhaustion Denial of Service (CVE-2017-8779)
2017-08-07 00:00:00
RPCbind XDR Parsing Memory Exhaustion Denial of Service (CVE-2017-8779)
2020-09-01 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1962
2021-07-02 18:04:30
packetstorm
packetstorm
RPCBind / libtirpc Denial Of Service
2017-05-08 00:00:00
hackerone
hackerone
Endless Group: CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS
2020-02-10 09:22:35
Internet Bug Bounty: rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804
2017-05-31 18:50:34
prion
prion
Code injection
2017-05-04 14:29:00
Deserialization of untrusted data
2017-05-07 18:29:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:15:08
zdt
zdt
RPCBind / libtirpc - Denial of Service Exploit
2017-05-09 00:00:00
gentoo
gentoo
Libtirpc and RPCBind: Denial of Service
2017-06-06 00:00:00
alpinelinux
alpinelinux
CVE-2017-8779
2017-05-04 14:29:00
ubuntucve
ubuntucve
CVE-2017-8779
2017-05-04 00:00:00
CVE-2017-8804
2017-05-07 00:00:00
f5
f5
K51100910 : rpcbind vulnerabilities CVE-2017-8779 and CVE-2017-8804
2017-05-24 00:00:00
redhatcve
redhatcve
CVE-2017-8804
2017-05-08 08:25:40
rapid7community
rapid7community
Metasploit Wrapup
2017-06-16 15:04:15
photon
photon
cloudfoundry
cloudfoundry
USN-3759-1: libtirpc vulnerabilities | Cloud Foundry
2018-09-27 00:00:00
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.551 Medium
EPSS
Percentile
97.7%
Related for DEBIANCVE:CVE-2017-8779