PT-2019-6535 · Rpcbind · Rpcbind
Guillem Jover
·
Published
2019-10-29
·
Updated
2019-11-05
·
CVE-2010-2064
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
rpcbind version 0.2.0
Description
The issue allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
Recommendations
For rpcbind version 0.2.0, consider restricting access to the /tmp directory to prevent symlink attacks on /tmp/portmap.xdr and /tmp/rpcbind.xdr until a patch is available.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rpcbind