#VU2752 Use-after-free in RPCBind - CVE-2015-7236


| Updated: 2018-07-16

Vulnerability identifier: #VU2752

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2015-7236

CWE-ID: CWE-416

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
RPCBind
Universal components / Libraries / Libraries used by multiple products

Vendor: linux-nfs.org

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error in xprt_set_caller() function in rpcb_svc_com.c in rpcbind 0.2.1 and earlier. A remote attacker can cause a denial of service (daemon crash) via specially crafted packets that involve PMAP_CALLIT code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install patch from vendor's website.

Vulnerable software versions

RPCBind: 0.1.4 - 0.2.1

External links
https://www.spinics.net/lists/linux-nfs/msg53045.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Unisphere Central
Remote denial of service in rpcbind in Juniper Junos OS
Gentoo update for RPCBind
Amazon Linux AMI update for rpcbind
Red Hat update for rpcbind
Fedora 23 update for rpcbind
Fedora 22 update for rpcbind
Use-after-free in rpcbind (Alpine package)