[CVE assignment notification] CVE-2013-1950 libtirpc: Invalid pointer free leads to rpcbind daemon crash (A different vulnerability than CVE-2003-0028)

[Jan Lieskovsky <jlieskov () redhat com>]

Hello SteveCh, SteveD, vendors,

  originally Common Vulnerabilities and Exposures assigned the CVE-2003-0028 identifier
to the following flaw:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0028

Testing original CVE-2003-0028 reproducer against recent rpcbind code, 
resulted into an invalid pointer free flaw to be found:
[2] https://bugzilla.redhat.com/show_bug.cgi?id=948378#c0

Further issue context [3]:
--------------------------
An invalid pointer free flaw was found in the way server side code
implementation for connectionless RPC requests of libtirpc, a library
implementing Transport-Independent RPC (TI-RPC), (previously) performed
arguments retrieval (due to a regression in commit 82cc2e61 svc_dg_getargs()
routine callers would crash with invalid pointer free). A remote attacker
could issue a specially-crafted Sun RPC request that, when processed,
would lead to rpcbind daemon crash.

A different vulnerability than CVE-2003-0028.

[3] https://bugzilla.redhat.com/show_bug.cgi?id=948378#c13

Particular upstream patch:
[4] http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f

Note: While the original CVE-2003-0028 issue has been reported to possibly
      allow / lead to arbitrary code execution under certain circumstances,
      the current (CVE-2013-1950) is believed to be able to cause (remote)
      rpcbind daemon crash "only".

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team