[3.3] rpcbind: remote triggerable use-after-free in rpcbind (CVE-2015-7236)
A use-after-free vulnerability in rpcbind causing remotely triggerable
crash was found.
Rpcbind crashes in svc_dodestroy when trying to free a corrupted
xprt->xp_netid pointer,
which contains a sockaddr_in.
references:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7236
https://security-tracker.debian.org/tracker/CVE-2015-7236
http://www.openwall.com/lists/oss-security/2015/09/17/1
https://bugzilla.suse.com/show\_bug.cgi?id=946204
http://seclists.org/oss-sec/2015/q3/566
http://www.spinics.net/lists/linux-nfs/msg53045.html
(from redmine: issue id 4690, created on 2015-09-30, closed on 2015-10-02)
- Relations:
- parent #4689 (closed)