FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- rpcbind(8) remote denial of service [REVISED]

Affected packages
10.2 <= FreeBSD < 10.2_5
10.1 <= FreeBSD < 10.1_22
9.3 <= FreeBSD < 9.3_28

Details

VuXML ID 0e5d6969-600a-11e6-a6c3-14dae9d210b8
Discovery 2015-09-29
Entry 2016-08-11

Problem Description:

In rpcbind(8), netbuf structures are copied directly, which results in two netbuf structures that reference one shared address buffer. When one of the two netbuf structures is freed, any access to the other netbuf structure has an undefined result that may crash the rpcbind(8) daemon.
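
The copy pattern described above, as an added C example that is not taken from rpcbind or from the FreeBSD patch: it contrasts the pointer-sharing struct copy with a copy that allocates its own buffer. struct nb is a local stand-in for netbuf, and every function name is hypothetical.

```c
/* Added example, not rpcbind source; struct nb is a local stand-in for netbuf. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct nb { unsigned int maxlen, len; void *buf; };

/* Pattern from the advisory: struct assignment copies the pointer, so both
 * structures end up referencing one shared address buffer. */
void nb_copy_shallow(struct nb *dst, const struct nb *src) { *dst = *src; }

/* Hardened form: dst owns a fresh allocation. Returns 0 on success, -1 on error. */
int nb_copy_deep(struct nb *dst, const struct nb *src)
{
    void *p;
    if (src->len > src->maxlen)
        return -1;                       /* inconsistent source, refuse to copy */
    p = malloc(src->maxlen ? src->maxlen : 1);
    if (p == NULL)
        return -1;
    if (src->len > 0)
        memcpy(p, src->buf, src->len);
    dst->maxlen = src->maxlen;
    dst->len = src->len;
    dst->buf = p;
    return 0;
}

/* Free the buffer and clear the pointer so this owner cannot reuse it. */
void nb_release(struct nb *n) { free(n->buf); n->buf = NULL; n->len = n->maxlen = 0; }

/* Non-zero when two structures share one address buffer. */
int nb_aliases(const struct nb *a, const struct nb *b) { return a->buf != NULL && a->buf == b->buf; }

int main(void)
{
    const unsigned char addr[4] = { 192, 0, 2, 1 };   /* constructed sample bytes */
    struct nb src = { 16, 4, malloc(16) }, a, b;
    if (src.buf == NULL) return 1;
    memcpy(src.buf, addr, sizeof(addr));
    nb_copy_shallow(&a, &src);
    if (nb_copy_deep(&b, &src) != 0) return 1;
    printf("shallow aliases: %d, deep aliases: %d\n", nb_aliases(&a, &src), nb_aliases(&b, &src));
    nb_release(&src);   /* a.buf now dangles and must not be touched; b is intact */
    printf("deep copy still holds %u bytes\n", b.len);
    nb_release(&b);
    return 0;
}
```
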

Impact:

A remote attacker who can send specially crafted packets to the rpcbind(8) daemon can cause it to crash, resulting in a denial of service condition.

References

CVE Name CVE-2015-7236
FreeBSD Advisory SA-15:24.rpcbind