libtirpc CVE-2013-1950
An invalid pointer free flaw was found in the way server side code
implementation for connectionless RPC requests of libtirpc, a library
implementing Transport-Independent RPC (TI-RPC), (previously)
performed
arguments retrieval (due to a regression in commit 82cc2e61
svc_dg_getargs()
routine callers would crash with invalid pointer free). A remote
attacker
could issue a specially-crafted Sun RPC request that, when processed,
would lead to rpcbind daemon crash.
A different vulnerability than CVE-2003-0028.
[3] https://bugzilla.redhat.com/show\_bug.cgi?id=948378\#c13
Particular upstream patch:
[4]
http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f
Note: While the original CVE-2003-0028 issue has been reported to
possibly
allow / lead to arbitrary code execution under certain circumstances,
the current (CVE-2013-1950) is believed to be able to cause (remote)
rpcbind daemon crash “only”.
(from redmine: issue id 2033, created on 2013-05-30, closed on 2013-06-03)
- Relations:
- child #2034 (closed)