[v2.6] libtirpc: Invalid pointer free leads to rpcbind daemon crash CVE-2013-1950
An invalid pointer free flaw was found in the way server side code
implementation for connectionless RPC requests of libtirpc, a library
implementing Transport-Independent RPC (TI-RPC), (previously) performed
arguments retrieval (due to a regression in commit 82cc2e61 svc_dg_getargs()
routine callers would crash with invalid pointer free). A remote attacker
could issue a specially-crafted Sun RPC request that, when processed,
would lead to rpcbind daemon crash.
A different vulnerability than CVE-2003-0028.
Particular upstream patch:
Note: While the original CVE-2003-0028 issue has been reported to
allow / lead to arbitrary code execution under certain circumstances,
the current (CVE-2013-1950) is believed to be able to cause (remote)
rpcbind daemon crash “only”.
(from redmine: issue id 2034, created on 2013-05-30, closed on 2013-06-03)
- parent #2033 (closed)
- Revision 473d40bb by Natanael Copa on 2013-06-03T15:41:48Z:
main/libtirpc: fix CVE-2013-1950 fixes #2034