Resource management error in libtirpc

#VU33685 Resource management error in libtirpc

Published: 2020-08-04

Vulnerability identifier: #VU33685

Vulnerability risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2013-1950

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
libtirpc
Universal components / Libraries / Libraries used by multiple products

Vendor: linux-nfs.org

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libtirpc: 0.1.8 - 0.2.2

External links
http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f
http://rhn.redhat.com/errata/RHSA-2013-0884.html
http://bugzilla.redhat.com/show_bug.cgi?id=948378

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Resource management error in linux-nfs libtirpc

Amazon Linux AMI update for libtirpc

Resource management error in libtirpc (Alpine package)