PROTOCOL-RPC XDR string allocation denial of service attempt
This event is generated when an attacker attempts to exploit a denial of service vulnerability in rpcbind.
Denial of service
CVSS base score 7.5
CVSS impact score 3.6
CVSS exploitability score 3.9
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact HIGH
Rule checks for a DoS attempt against rpcbind.
CVE-2017-8779: rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
- libtirpc_project libtirpc 1.0.1
- ntirpc_project ntirpc 1.4.3
- rpcbind_project rpcbind 0.2.4
Ease of attack
Simple; Metasploit module publicly-available
- Cisco's Talos Intelligence Group