oss-sec mailing list archives
CVE Request: remote triggerable use-after-free in rpcbind
From: Marcus Meissner <meissner () suse de>
Date: Thu, 17 Sep 2015 14:23:33 +0200
Hi, One of our customers saw rpcbind crashing on a remote security scan. Olaf Kirch identified and fixed the problem: http://www.spinics.net/lists/linux-nfs/msg53045.html https://bugzilla.suse.com/show_bug.cgi?id=946204 It so far has not been integrated into rpcbind upstream. This is a use-after-free, so at least remote denial of service. We have not researched further exploitability. Ciao, Marcus
Current thread:
- CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind cve-assign (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
- Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Kurt Seifried (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind cve-assign (Sep 17)
- Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Olaf Kirch (Sep 18)