RPCBind / Portmap Malformed RPC Request Denial of Service Vulnerability

A problem in some rpcbind/portmap implementations could make it possible for remote users to deny service to legitimate users of rpc dependent services. Malformed RPC requests may cause the portmapper to crash. This may be due to a buffer overflow condition.

This makes it possible for a remote user to exploit the service, and potentially deny rpc dependent service access such as NIS to other users of the system.

One of the conditions has been described by HP as 'random buffer overflows' and is present when the system is under heavy load. It is not known if code execution is possible. Additionally, similar conditions have been reported in rpcbind/portmap implementations for SGI IRIX.


Privacy Statement
Copyright 2010, SecurityFocus