First published: Thu May 27 2010(Updated: )
Guillem Jover pointed out: [1] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5</a> a deficiency in the way rpcbind gathered / saved registrations from / to dumped file(s). A local attacker could use this flaw to conduct symbolic link attacks, leading to un-authorized disclosure of sensitive information and / or to important system files data integrity corruption. CVE Request: [2] <a href="http://www.openwall.com/lists/oss-security/2010/06/03/4">http://www.openwall.com/lists/oss-security/2010/06/03/4</a>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/rpcbind | 1.2.5-9 1.2.6-6 1.2.6-8.1 | |
Sun RPCBind | =0.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-2061 is considered a high severity vulnerability due to the potential for local attackers to exploit it.
To fix CVE-2010-2061, upgrade the rpcbind package to version 1.2.6-8.1 or newer for Debian systems.
CVE-2010-2061 affects rpcbind versions 0.2.0, as well as specific Debian packages like rpcbind version 1.2.5-9 and 1.2.6-6.
An attacker can exploit CVE-2010-2061 to conduct unauthorized actions on systems running vulnerable versions of rpcbind.
Yes, CVE-2010-2061 primarily affects Debian systems and systems using the Solaris implementation of rpcbind.