CVE-2010-2061

Published: 29 October 2019

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
rpcbind
Launchpad, Ubuntu, Debian
Upstream
Released (0.2.0-4.1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(0.2.0-7ubuntu1)

Notes

AuthorNote
sbeattie
init script converted to upstart job in oneiric.
doesn't look like the statedir setting got transferred to it

References

Bugs