libtirpc File Descriptors Exhaustion Denial of Service Vulnerability

September 7, 2018 2:29 am

A vulnerability in libtirpc could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper handling of port settings by the affected software. An attacker could exploit this vulnerability by configuring the role of the targeted port to poll, rather than select, on the affected device. A successful exploit could allow the attacker to cause an infinite loop on the targeted device, resulting in a complete DoS condition.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

libtirpc confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-14621
