[Bug 1687930] Re: remote denial-of-service
Nish Aravamudan
nish.aravamudan at canonical.com
Tue May 23 18:51:54 UTC 2017
The CVE is: https://people.canonical.com/~ubuntu-
security/cve/2017/CVE-2017-8779.html
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-8779
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rpcbind in Ubuntu.
https://bugs.launchpad.net/bugs/1687930
Title:
remote denial-of-service
Status in rpcbind package in Ubuntu:
Confirmed
Bug description:
It is possible to consume any amount of memory on an rpcbind server
with a remote attack. This can affect the stability of the entire
system.
Write-up: https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Exploit + Patches: https://github.com/guidovranken/rpcbomb/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rpcbind/+bug/1687930/+subscriptions
More information about the foundations-bugs
mailing list