CVE-2017-8779
First published: Thu May 04 2017(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Rpcbind | <=0.2.4 | |
| libtirpc | <=1.0.1 | |
| NTIRPC | <=1.4.3 | |
| debian/libtirpc | 1.3.1-1+deb11u1 1.3.3+ds-1 1.3.4+ds-1.3 1.3.6+ds-1 | |
| debian/ntirpc | 3.4-2 4.3-2 6.3-2 | |
| debian/rpcbind | 1.2.5-9 1.2.6-6 1.2.6-8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://openwall.com/lists/oss-security/2017/05/03/12
- http://openwall.com/lists/oss-security/2017/05/04/1
- http://www.debian.org/security/2017/dsa-3845
- http://www.securityfocus.com/bid/98325
- http://www.securitytracker.com/id/1038532
- https://access.redhat.com/errata/RHBA-2017:1497
- https://access.redhat.com/errata/RHSA-2017:1262
- https://access.redhat.com/errata/RHSA-2017:1263
- https://access.redhat.com/errata/RHSA-2017:1267
- https://access.redhat.com/errata/RHSA-2017:1268
- https://access.redhat.com/errata/RHSA-2017:1395
- https://github.com/drbothen/GO-RPCBOMB
- https://github.com/guidovranken/rpcbomb/
- https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
- https://security.gentoo.org/glsa/201706-07
- https://security.netapp.com/advisory/ntap-20180109-0001/
- https://usn.ubuntu.com/3759-1/
- https://usn.ubuntu.com/3759-2/
- https://www.exploit-db.com/exploits/41974/
- https://launchpad.net/bugs/cve/CVE-2017-8779
- http://seclists.org/oss-sec/2017/q2/209
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448125
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448126
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448127
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448128
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448124#c6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448124#c8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448124#c16
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1277059&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1277059&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1277229&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1277229&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448124#c23
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448124#c26
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448124#c27
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1277755
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1277755&action=edit
- https://access.redhat.com/solutions/3025811/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1454876
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1455142
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448124#c47
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448124#c43
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1458240
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1457172
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1448124#c49
- https://access.redhat.com/errata/RHBA-2017:1435
- https://access.redhat.com/errata/RHBA-2017:1436
- https://bugzilla.redhat.com/show_bug.cgi?id=1448124
- https://www.openwall.com/lists/oss-security/2017/05/04/1
- https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
- https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commit;h=7ea36eeece56b59f98e469934e4c20b4da043346
- https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commitdiff;h=c49a7ea639eb700823e174fd605bbbe183e229aa
- https://security-tracker.debian.org/tracker/CVE-2017-8779
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
- https://nvd.nist.gov/vuln/detail/CVE-2017-8779
- https://ubuntu.com/security/CVE-2017-8779
Frequently Asked Questions
What is the severity of CVE-2017-8779?
CVE-2017-8779 has a high severity rating due to its potential to cause denial of service through excessive memory consumption.
How do I fix CVE-2017-8779?
To fix CVE-2017-8779, upgrade to the recommended versions of rpcbind, libtirpc, or ntirpc as specified in the vulnerability report.
What systems are affected by CVE-2017-8779?
CVE-2017-8779 affects versions of rpcbind up to 0.2.4, libtirpc up to 1.0.1, and ntirpc up to 1.4.3.
Can CVE-2017-8779 be exploited remotely?
Yes, CVE-2017-8779 can be exploited remotely via crafted UDP packets sent to port 111.
What is the potential impact of CVE-2017-8779 on servers?
The potential impact of CVE-2017-8779 on servers includes denial of service, leading to unavailability and potential downtime.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-8779
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/author
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/debian
- vendor/rpcbind project
- canonical/red hat rpcbind
- version/red hat rpcbind/0.2.4
- vendor/libtirpc project
- canonical/libtirpc
- version/libtirpc/1.0.1
- vendor/ntirpc project
- canonical/ntirpc
- version/ntirpc/1.4.3