CVE-2010-2061

Published: Oct 29, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

Affected (1)

Products: Rpcbind Project: Rpcbind

Rpcbind Project

1 product

Rpcbind

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rpcbind Project Rpcbind	Version 0.2.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

https://access.redhat.com/security/cve/cve-2010-2061

Source: secalert@redhat.com

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2061

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2010-2061

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2010/06/08/3

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/security/cve/cve-2010-2061