Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-13460

[LIBTIRPC] our implementation is affected by CVE-2017-8779

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: 0.4.7
    • Component/s: Networking
    • Labels:

      Description

      lately (with r75096) LIBTIRPC was added to ros for NFS 4.1 client support.

      http://www.linuxfromscratch.org/blfs/view/cvs/basicnet/libtirpc.html
      notes there are still some sec-vulns in this library and mentions
      http://www.linuxfromscratch.org/patches/blfs/svn/libtirpc-1.0.1-vulnerability_fixes-1.patch

      From a quick look it seems we are affected by at least some of these vulnerabilities too.
      We should have a look of what parts of that patch could/should be merged to ros.

      https://nvd.nist.gov/vuln/detail/CVE-2017-8779

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Heis Spiter Pierre Schweitzer
                Reporter:
                reactosfanboy reactosfanboy
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: