An invalid pointer free flaw was found in the way server side code
implementation for connectionless RPC requests of libtirpc, a library
implementing Transport-Independent RPC (TI-RPC), (previously) performed
arguments retrieval (due to a regression in commit 82cc2e61 svc_dg_getargs()
routine callers would crash with invalid pointer free). A remote attacker
could issue a specially-crafted Sun RPC request that, when processed,
would lead to rpcbind daemon crash.
A different vulnerability than CVE-2003-0028.
Particular upstream patch:
Note: While the original CVE-2003-0028 issue has been reported to
allow / lead to arbitrary code execution under certain circumstances,
the current (CVE-2013-1950) is believed to be able to cause (remote)
rpcbind daemon crash “only”.
(from redmine: issue id 2033, created on 2013-05-30, closed on 2013-06-03)
- child #2034 (closed)