Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-13460

[LIBTIRPC] our implementation is affected by CVE-2017-8779

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 0.4.7
    • Networking

    Description

      lately (with r75096) LIBTIRPC was added to ros for NFS 4.1 client support.

      http://www.linuxfromscratch.org/blfs/view/cvs/basicnet/libtirpc.html
      notes there are still some sec-vulns in this library and mentions
      http://www.linuxfromscratch.org/patches/blfs/svn/libtirpc-1.0.1-vulnerability_fixes-1.patch

      From a quick look it seems we are affected by at least some of these vulnerabilities too.
      We should have a look of what parts of that patch could/should be merged to ros.

      https://nvd.nist.gov/vuln/detail/CVE-2017-8779

      Attachments

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. CORE-8204 Add nfs client support and pave way for Vagrant

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              Heis Spiter Pierre Schweitzer
              reactosfanboy reactosfanboy
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: