PT-2017-4166
Guido Vranken
Published: 2017-05-03
Updated: 2024-08-05
CVE-2017-8779
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
rpcbind versions 0.2.4 and earlier
LIBTIRPC versions 1.0.1 and 1.0.2-rc through 1.0.2-rc3
NTIRPC versions 1.4.3 and earlier
Description
The issue allows a remote attacker to cause a denial of service by sending a crafted UDP packet to port 111: the server allocates memory for the request and never frees it. The flaw lies in the server's handling of RPC ports and its unbounded resource allocation, so repeated requests exhaust memory and disrupt the service.
Recommendations
For rpcbind versions 0.2.4 and earlier, restrict access to port 111 to minimize the risk of exploitation.
For LIBTIRPC versions 1.0.1 and 1.0.2-rc through 1.0.2-rc3, restrict access to the vulnerable RPC service until a patch is available.
For NTIRPC versions 1.4.3 and earlier, as a temporary workaround, disable the RPC service to prevent remote attackers from exploiting the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit: DoS
Weakness: Allocation of Resources Without Limits
Affected Products
Alt Linux
CentOS
Libtirpc
Ntirpc
Red Hat
SUSE
Ubuntu
Rpcbind