CVE-2010-2064

Published: 29 October 2019

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

Priority

Low

CVSS 3 base score: 7.1

Status

Package Release Status
rpcbind
Launchpad, Ubuntu, Debian
Upstream
Released (2.0-4.1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Notes

AuthorNote
sbeattie
init script converted to upstart job in oneiric, use of
statedir may not have been translated over; likely mitigated
by YAMA
mdeslaur
upstart job in precise+ looks ok

References

Bugs