CVE-2015-7236

Upstream information

CVE-2015-7236 at MITRE

Description

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entries: 940191 [RESOLVED / FIXED], 946204 [RESOLVED / FIXED], 979097 [NEW]

SUSE Security Advisories:

SUSE-SU-2015:1705-1, published Fri Oct 9 03:09:53 MDT 2015
SUSE-SU-2015:1705-2, published Fri Oct 9 04:09:41 MDT 2015
SUSE-SU-2015:1706-1, published Fri Oct 9 03:10:40 MDT 2015
SUSE-SU-2015:1706-2, published Fri Oct 9 04:10:18 MDT 2015

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP3	`rpcbind >= 0.1.6+git20080930-6.24.1`	Patchnames: sledsp3-rpcbind-12123
SUSE Linux Enterprise Desktop 11 SP4	`rpcbind >= 0.1.6+git20080930-6.24.1`	Patchnames: sledsp4-rpcbind-12123
SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1	`rpcbind >= 0.2.1_rc4-16.2`
SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2	`rpcbind >= 0.2.3-21.4`
SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4	`rpcbind >= 0.2.3-23.1`
SUSE Linux Enterprise Desktop 12	`rpcbind >= 0.2.1_rc4-13.3.1`	Patchnames: SUSE-SLE-DESKTOP-12-2015-659
SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5	`rpcbind >= 0.2.3-24.9.1`
SUSE Linux Enterprise Module for Basesystem 15 SP1	`rpcbind >= 0.2.3-5.3.1`
SUSE Linux Enterprise Module for Basesystem 15 SP2	`rpcbind >= 0.2.3-5.9.2`
SUSE Linux Enterprise Module for Basesystem 15	`rpcbind >= 0.2.3-3.22`
SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3	`rpcbind >= 0.1.6+git20080930-6.24.1`	Patchnames: slessp3-rpcbind-12123
SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4	`rpcbind >= 0.1.6+git20080930-6.24.1`	Patchnames: slessp4-rpcbind-12123
SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12	`rpcbind >= 0.2.1_rc4-13.3.1`	Patchnames: SUSE-SLE-SERVER-12-2015-659
openSUSE Leap 15.0	`rpcbind >= 0.2.3-lp150.2.7`	Patchnames: openSUSE Leap 15.0 GA rpcbind
openSUSE Leap 42.1	`rpcbind >= 0.2.1_rc4-9.1`	Patchnames: openSUSE Leap 42.1 GA rpcbind
openSUSE Leap 42.2	`rpcbind >= 0.2.3-2.4`	Patchnames: openSUSE Leap 42.2 GA rpcbind
openSUSE Leap 42.3	`rpcbind >= 0.2.3-5.1`	Patchnames: openSUSE Leap 42.3 GA rpcbind
openSUSE Tumbleweed	`rpcbind >= 0.2.3-7.1`	Patchnames: openSUSE Tumbleweed GA rpcbind