SB2017050802 - Remote denial of service in Glibc implementation

Description

This security bulletin contains information about 1 security vulnerability.

1) Denial of service (CVE-ID: CVE-2017-8804)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in xdr_bytes() and xdr_string() functions when processing RPC data in the GNU C Library (aka glibc or libc6). A remote unauthenticated attacker can send a specially crafted UDP request to port 111 (rpcbind) and consume up to 4 gigabytes of memory per request.

Successful exploitation of this vulnerability may result in denial of service (DoS) conditions.

The issue is related to: https://www.cybersecurity-help.cz/vdb/SB2017050801

Remediation

Install update from vendor's website.

References

• http://www.openwall.com/lists/oss-security/2017/05/05/2
• https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7
• https://sourceware.org/bugzilla/show_bug.cgi?id=21461
• https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html