oss-sec mailing list archives
rpcbomb: remote rpcbind denial-of-service
From: Guido Vranken <guidovranken () gmail com>
Date: Wed, 3 May 2017 20:55:23 +0200
This vulnerability allows an attacker to allocate any amount of bytes (up to 4 gigabytes per attack) on a remote rpcbind host, and the memory is never freed unless the process crashes or the administrator halts or restarts the rpcbind service. Attacking a system is trivial; a single attack consists of sending a specially crafted payload of around 60 bytes through a UDP socket. This can slow down the system’s operations significantly or prevent other services (such as a web server) from spawning processes entirely. An extensive write-up can be found here: https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ Exploit + patches: https://github.com/guidovranken/rpcbomb/
Current thread:
- rpcbomb: remote rpcbind denial-of-service Guido Vranken (May 03)
- Re: rpcbomb: remote rpcbind denial-of-service Seth Arnold (May 03)
- Re: rpcbomb: remote rpcbind denial-of-service Marcus Meissner (May 05)
- Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer (May 05)
- Re: rpcbomb: remote rpcbind denial-of-service Salvatore Bonaccorso (May 07)
- Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer (May 08)
- Re: rpcbomb: remote rpcbind denial-of-service Marcus Meissner (May 05)
- Re: rpcbomb: remote rpcbind denial-of-service Seth Arnold (May 03)