Multiple vulnerabilities in linux-nfs RPCBind

Published: 2019-10-29 | Updated: 2020-08-08

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2010-2061 CVE-2010-2064
CWE-ID	CWE-20 CWE-59
Exploitation vector	Local
Public exploit	N/A
Vulnerable software Subscribe	RPCBind Universal components / Libraries / Libraries used by multiple products
Vendor	linux-nfs.org

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU35139

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-2061

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RPCBind: 0.2.0

External links

http://access.redhat.com/security/cve/cve-2010-2061
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2061
http://security-tracker.debian.org/tracker/CVE-2010-2061
http://www.openwall.com/lists/oss-security/2010/06/08/3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Link following

EUVDB-ID: #VU35140

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-2064

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')