Headline
Gentoo Linux Security Advisory 202210-33
Gentoo Linux Security Advisory 202210-33 - A vulnerability has been discovered in Libtirpc which could result in denial of service. Versions less than 1.3.2 are affected.
Gentoo Linux Security Advisory GLSA 202210-33
https://security.gentoo.org/
Severity: Normal
Title: Libtirpc: Denial of Service
Date: October 31, 2022
Bugs: #859634
ID: 202210-33
Synopsis
A vulnerability has been discovered in Libtirpc which could result in
denial of service.
Background
Libtirpc is a port of Sun’s Transport-Independent RPC library to Linux.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/libtirpc < 1.3.2 >= 1.3.2
Description
Currently svc_run does not handle poll timeout and rendezvous_request
does not handle EMFILE error returned from accept(2 as it used to.
These two missing functionality were removed by commit b2c9430f46c4.
The effect of not handling poll timeout allows idle TCP conections
to remain ESTABLISHED indefinitely. When the number of connections
reaches the limit of the open file descriptors (ulimit -n) then
accept(2) fails with EMFILE. Since there is no handling of EMFILE
error this causes svc_run() to get in a tight loop calling accept(2).
This resulting in the RPC service of svc_run is being down, it’s
no longer able to service any requests.
Due to a lack of handling of certain error cases, connections to
Libtirpc could remain ESTABLISHED indefinitely.
Impact
Denial of service can be achieved via establishing enough connections to
Libtirpc to reach the limit of open file descriptors for the process.
Workaround
There is no known workaround at this time.
Resolution
All Libtirpc users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=net-libs/libtirpc-1.3.2”
References
[ 1 ] CVE-2021-46828
https://nvd.nist.gov/vuln/detail/CVE-2021-46828
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-33
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Red Hat Security Advisory 2022-8400-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Issues addressed include a denial of service vulnerability.
An update for libtirpc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46828: libtirpc: DoS vulnerability with lots of connections
Ubuntu Security Notice 5538-1 - It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.