Search CVE reports


Toggle filters

1 – 4 of 4 results


CVE-2010-2064

Low priority
Ignored

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

1 affected packages

rpcbind

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rpcbind
Show less packages

CVE-2010-2061

Low priority
Ignored

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

1 affected packages

rpcbind

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rpcbind
Show less packages

CVE-2017-8779

Medium priority

Some fixes available 5 of 17

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a...

3 affected packages

libtirpc, ntirpc, rpcbind

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtirpc Not affected Not affected Not affected Not affected Fixed
ntirpc Not affected Not affected Not affected Not affected Vulnerable
rpcbind Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2015-7236

Medium priority
Fixed

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.

1 affected packages

rpcbind

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rpcbind
Show less packages