Vulnerability Details : CVE-2017-8779
Public exploit exists!
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Vulnerability category: Denial of service
Products affected by CVE-2017-8779
- cpe:2.3:a:rpcbind_project:rpcbind:*:*:*:*:*:*:*:*
- cpe:2.3:a:libtirpc_project:libtirpc:*:*:*:*:*:*:*:*
- cpe:2.3:a:ntirpc_project:ntirpc:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8779
- EPSS score: 82.25% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 99 % (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2017-8779
- RPC DoS targeting *nix rpcbind/libtirpc
  First seen: 2020-04-26
  Module: auxiliary/dos/rpc/rpcbomb
  This module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and NTIRPC, allowing an attacker to trigger large (and never freed) memory allocations for XDR strings on the target.
  Authors: guidovranken; Pearce Barry <pearce_barry@rapid7
CVSS scores for CVE-2017-8779
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2017-8779
- The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8779
- https://github.com/guidovranken/rpcbomb/
  GitHub - guidovranken/rpcbomb: RPCBOMB + patches (Issue Tracking; Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:1395
  RHSA-2017:1395 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:1263
  RHSA-2017:1263 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2017/dsa-3845
  Debian -- Security Information -- DSA-3845-1 libtirpc
- https://access.redhat.com/errata/RHSA-2017:1267
  RHSA-2017:1267 - Security Advisory - Red Hat Customer Portal
- http://openwall.com/lists/oss-security/2017/05/03/12
  oss-security - rpcbomb: remote rpcbind denial-of-service (Mailing List; Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:1262
  RHSA-2017:1262 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/98325
  Rpcbind CVE-2017-8779 Remote Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- https://usn.ubuntu.com/3759-1/
  USN-3759-1: libtirpc vulnerabilities | Ubuntu security notices
- https://www.exploit-db.com/exploits/41974/
  RPCBind / libtirpc - Denial of Service
- https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
  rpcbomb: remote rpcbind denial-of-service + patches – Guido Vranken (Third Party Advisory)
- http://openwall.com/lists/oss-security/2017/05/04/1
  oss-security - Re: rpcbomb: remote rpcbind denial-of-service (Mailing List; Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:1268
  RHSA-2017:1268 - Security Advisory - Red Hat Customer Portal
- https://security.netapp.com/advisory/ntap-20180109-0001/
  CVE-2017-8779 rpcbind Vulnerability in NetApp Products | NetApp Product Security
- https://github.com/drbothen/GO-RPCBOMB
  GitHub - drbothen/GO-RPCBOMB: CVE-2017-8779 aka RPCBomb (Issue Tracking; Patch; Third Party Advisory)
- http://www.securitytracker.com/id/1038532
  Rpcbind Memory Leak in rpcb_service_4() Lets Remote Users Consume Excessive Memory Resources - SecurityTracker
- https://usn.ubuntu.com/3759-2/
  USN-3759-2: libtirpc vulnerabilities | Ubuntu security notices
- https://security.gentoo.org/glsa/201706-07
  Libtirpc and RPCBind: Denial of Service (GLSA 201706-07) — Gentoo security
- https://access.redhat.com/errata/RHBA-2017:1497
  RHBA-2017:1497 - Bug Fix Advisory - Red Hat Customer Portal