Rpcbind Project

rpcbind_project

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-2064 1Rpcbind Project 1Rpcbind Nov 21, 2024 Oct 29, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
CVE-2010-2061 1Rpcbind Project 1Rpcbind Nov 21, 2024 Oct 29, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.
CVE-2017-8779 3Libtirpc Project Ntirpc ProjectRpcbind Project 3Libtirpc NtirpcRpcbind May 13, 2026 May 4, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to...Show more rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.Show less
CVE-2015-7236 4Canonical DebianOracle+1 more 4Debian Linux RpcbindSolaris+1 more May 6, 2026 Oct 1, 2015 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.