From Secunia:
CRITICAL: Less critical
IMPACT: DoS
WHERE: From local network
SOFTWARE: libtirpc 0.x http://secunia.com/advisories/product/17898/
DESCRIPTION: A vulnerability has been reported in libtirpc, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "__rpc_taddr2uaddr_af()" function in src/rpc_generic.c and can be exploited to crash an application using the library via a specially crafted RPC request. This may be related to: SA23700. The vulnerability is reported in version 0.1.9. Other versions may also be affected.
SOLUTION: Do not process untrusted RPC requests using the library.
PROVIDED AND/OR DISCOVERED BY: Reported by Tomas Hoger in a Red Hat bug report.
ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=468014
OTHER REFERENCES: SA23700: http://secunia.com/advisories/23700/
Adjusting severity, was my fault letting it stay on normal. This is the upstream bug: http://sourceforge.net/tracker/index.php?func=detail&aid=2192645&group_id=183075&atid=903784 Upstream has released 0.1.9: http://sourceforge.net/project/showfiles.php?group_id=183075&package_id=212488&release_id=612386 which should fix the issue.
Matti, 0.1.9 should be affected as well. Upstream bug report was opened just a couple of days ago, while 0.1.9 was released nearly 4 months ago (according to timestamp on SF download page). Fedora libtirpc maintainer added fix to 0.1.9 packages as well: http://koji.fedoraproject.org/koji/buildinfo?buildID=67739 http://cvs.fedoraproject.org/viewvc/rpms/libtirpc/devel/libtirpc-0.1.7-taddr2uaddr-segflt.patch?view=log HTH
Thanks, Tomas. I was under the impression that the bug was already fixed upstream, but I mistook Red Hat fixing it for upstream releasing a new version... So net-fs ppl: either wait for upstream to fix it, or apply the Red Hat patch Tomas so kindly pointed out.
libtirpc-0.1.10 is in the tree now