BDU:2021-05819

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.5high3.x

0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x

7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0

7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Description

Уязвимость сервера динамического назначения RPC-портов RPCbind связана с неограниченным распределением ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2017-8779

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8779

https://www.exploit-db.com/exploits/41974

https://ubuntu.com/security/notices/USN-3759-1

https://ubuntu.com/security/notices/USN-3759-2

https://ubuntu.com/security/notices/USN-4986-1

https://ubuntu.com/security/notices/USN-4986-2

https://www.debian.org/security/2017/dsa-3845

https://access.redhat.com/security/cve/cve-2017-8779

https://bugzilla.redhat.com/show_bug.cgi?id=1448124

https://lists.fedoraproject.org/archives/list/package-announce

lists.fedoraproject.org/message/DEIBRBJE677HANIUQFDRJHIJYPJRZQYG/

https://lists.fedoraproject.org/archives/list/package-announce

lists.fedoraproject.org/message/TUCEBTW7ECONUSKYSVN4W7NE5LVZMWZU/

https://lists.fedoraproject.org/archives/list/package-announce

lists.fedoraproject.org/message/5BLP6HQSEBKCL4CLJ76DM4R3WF6A6SDR/

https://lists.fedoraproject.org/archives/list/package-announce

lists.fedoraproject.org/message/J5444OAGCXI7PXUGZ65GTCPD6BQBPYH6/

https://github.com/drbothen/GO-RPCBOMB

https://www.openwall.com/lists/oss-security/2017/05/04/1

https://www.exploit-db.com/exploits/41974

https://cve.basealt.ru/tag/cve-2017-8779.html

http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00071.html

https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

Recommendations

Source: bdu

Для ОС ОН «Стрелец»:
Обновление программного обеспечения rpcbind до версии 1.2.5-0.3+deb10u1osnova0

URL: https://bdu.fstec.ru/vul/2021-05819

Vulnerable Software (65)

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: strelets *

Trait:

{  "version_exact": "2"}

Source: bdu

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: ubuntu 16.04 ESM

Trait:

{  "version_exact": "3.2"}

Source: bdu

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: ubuntu 18.04 LTS

Trait:

{  "version_exact": "3.2"}

Source: bdu

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: ubuntu 18.04 LTS

Trait:

{  "version_exact": "2"}

Source: bdu

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: opensuse leap 42.2

Trait:

{  "version_exact": "3.2"}

Source: bdu

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: opensuse leap 42.2

Trait:

{  "version_exact": "2"}

Source: bdu

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: red hat enterprise linux 6

Trait:

{  "version_exact": "3.2"}

Source: bdu

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: debian gnu/linux 9

Trait:

{  "version_exact": "2"}

Source: bdu

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: ubuntu 12.04

Trait:

{  "version_exact": "3.2"}

Source: bdu

Type: Configuration

Vendor: red hat inc.

Product: red hat ceph storage

Operating System: ubuntu 12.04

Trait:

{  "version_exact": "2"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: ubuntu 12.04

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: fedora 25

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: debian gnu/linux 9

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: strelets *

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: ubuntu 18.04 LTS

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: debian gnu/linux 8.0

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: ubuntu 14.04 ESM

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: altlinux 7.0

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: red hat enterprise linux 6

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: red hat enterprise linux 7

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: fedora 26

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: ubuntu 16.04 ESM

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: libtirpc

Operating System: opensuse leap 42.2

Trait:

{  "version_end_including": "1.0.1"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: debian gnu/linux 9

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: ubuntu 12.04

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: altlinux 7.0

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: red hat enterprise linux 6

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: red hat enterprise linux 7

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: fedora 26

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: strelets *

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: debian gnu/linux 8.0

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: ubuntu 16.04 ESM

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: ubuntu 18.04 LTS

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: opensuse leap 42.2

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: fedora 25

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: ntirpc

Operating System: ubuntu 14.04 ESM

Trait:

{  "version_end_including": "1.4.3"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: debian gnu/linux 8.0

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: altlinux 7.0

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: ubuntu 16.04 ESM

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: fedora 26

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: red hat enterprise linux 7

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: red hat enterprise linux 6

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: ubuntu 14.04 ESM

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: strelets *

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: fedora 25

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: ubuntu 12.04

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: debian gnu/linux 9

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: opensuse leap 42.2

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: rpcbind

Operating System: ubuntu 18.04 LTS

Trait:

{  "version_end_including": "0.2.4"}

Source: bdu

Russian Vulnerability Scanner Database

BDU:2021-05819

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Related Vulnerabilities

Reference Links

Recommendations

Vulnerable Software (65)