[Bug 1687930] Re: remote denial-of-service
Seth Arnold
1687930 at bugs.launchpad.net
Tue May 23 18:52:18 UTC 2017
** Information type changed from Public to Public Security
** Changed in: rpcbind (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rpcbind in Ubuntu.
https://bugs.launchpad.net/bugs/1687930
Title:
remote denial-of-service
Status in rpcbind package in Ubuntu:
Confirmed
Bug description:
It is possible to consume any amount of memory on an rpcbind server
with a remote attack. This can affect the stability of the entire
system.
Write-up: https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Exploit + Patches: https://github.com/guidovranken/rpcbomb/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rpcbind/+bug/1687930/+subscriptions
More information about the foundations-bugs
mailing list