Bug 39548

Summary: rpcbind: Denial of Service (4.0)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Philipp Hahn <hahn>
Status: CLOSED FIXED QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal    
Priority: P3 CC: gohmann, walkenhorst
Version: UCS 4.0Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-4-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:
Bug Depends on: 40023    
Bug Blocks:    

Description Arvid Requate univentionstaff 2015-10-14 19:50:37 CEST 
Upstream Debian package version 0.2.0-8+deb7u1 fixes this issue:

* A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash) (CVE-2015-7236)

nfs-common depends on this process in UCS 4.0-x.
Comment 1 Philipp Hahn univentionstaff 2015-11-23 11:54:56 CET 
repo_admin.py  -U -d wheezy -p rpcbind -r 4.0-0-0 -s errata4.0-4

Package: rpcbind
Version: 0.2.0-8.7.201511231138
Branch: ucs_4.0-0
Scope: errata4.0-4

r65842 | Bug #39548. rpcbind YAML
 rpcbind.yaml

# apt-cache policy rpcbind
rpcbind:
  Installiert:           0.2.0-8.6.201403161928
  Installationskandidat: 0.2.0-8.7.201511231138
  Versionstabelle:
     0.2.0-8.7.201511231138 0
        500 http://omar.knut.univention.de/build2/ ucs_4.0-0-errata4.0-4/i386/ Packages
 *** 0.2.0-8.6.201403161928 0
        500 http://univention-repository.knut.univention.de/4.0/maintained/ 4.0-0/i386/ Packages
        100 /var/lib/dpkg/status

# apt-get install rpcbind

# zless /usr/share/doc/rpcbind/changelog.Debian.gz

# rpcinfo
Comment 2 Janek Walkenhorst univentionstaff 2015-11-25 19:27:52 CET 
UCS 4.0-3 is still maintained, therefore this should be "version: [3,4]"
Comment 3 Philipp Hahn univentionstaff 2015-11-26 08:39:34 CET 
(In reply to Janek Walkenhorst from comment #2)
> UCS 4.0-3 is still maintained, therefore this should be "version: [3,4]"

r65918 | Bug #40023. rpcbind YAML
 rpcbind.yaml
Comment 4 Janek Walkenhorst univentionstaff 2015-12-04 17:34:27 CET 
Advisory: OK
Tests (i386, amd64): OK
Comment 5 Janek Walkenhorst univentionstaff 2015-12-09 12:58:17 CET 
<http://errata.software-univention.de/ucs/4.0/369.html>