Published: 29 October 2019
rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.
CVSS 3 base score: 7.8
init script converted to upstart job in oneiric. doesn't look like the statedir setting got transferred to it