Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 30 Sep 2015 14:47:30 -0400
From:      Robert Blayzor <rblayzor.bulk@inoc.net>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind
Message-ID:  <B821DB04-67A9-4F7C-85E1-8ABCF72C6D46@inoc.net>
In-Reply-To: <20150929183942.569F311FD@freefall.freebsd.org>
References:  <20150929183942.569F311FD@freefall.freebsd.org>
index | next in thread | previous in thread | raw e-mail 

Was this regression tested or missing more info? After updating and rebooting seeing a ton of problems with rpcbind core dumping at start.. lock manager fails to start, etc.

dmesg
da0: quirks=0x40<RETRY_BUSY>
SMP: AP CPU #1 Launched!
Trying to mount root from ufs:/dev/da0p2 [rw]..
pid 367 (rpcbind), uid 0: exited on signal 6 (core dumped)
NLM: failed to contact remote rpcbind, stat = 5, port = 28416
NLM: failed to contact remote rpcbind, stat = 0, port = 0
Can't start NLM - unable to contact NSM
NLM: failed to contact remote rpcbind, stat = 0, port = 0
NLM: failed to contact remote rpcbind, stat = 0, port = 0
Can't start NLM - unable to contact NSM


[~] egrep rpc\|nis /etc/rc.conf
rpcbind_enable="YES"
rpc_lockd_enable="YES"
rpc_lockd_flags="-p 4045"
rpc_statd_enable="YES"
rpc_statd_flags="-p 4046"
nis_client_enable=“YES"
nis_server_enable=“YES"


[~] uname -a
FreeBSD 10.2-RELEASE-p4 FreeBSD 10.2-RELEASE-p4 #0 r288419: Wed Sep 30 18:33:40 UTC 2015     amd64


No problems prior to patching.


--
Robert
inoc.net!rblayzor
Jabber: rblayzor.AT.inoc.net
PGP Key: 78BEDCE1 @ pgp.mit.edu

> On Sep 29, 2015, at 2:39 PM, FreeBSD Security Advisories <security-advisories@freebsd.org> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> =============================================================================
> FreeBSD-SA-15:24.rpcbind                                    Security Advisory
>                                                          The FreeBSD Project
> 
> Topic:          rpcbind(8) remote denial of service
> 
> Category:       core
> Module:         rpcbind
> Announced:      2015-09-29
> Affects:        All supported versions of FreeBSD.
> Corrected:      2015-09-29 18:06:27 UTC (stable/10, 10.2-STABLE)
>                2015-09-29 18:07:18 UTC (releng/10.2, 10.2-RELEASE-p4)
>                2015-09-29 18:07:18 UTC (releng/10.1, 10.1-RELEASE-p21)
>                2015-09-29 18:06:27 UTC (stable/9, 9.3-STABLE)
>                2015-09-29 18:07:18 UTC (releng/9.3, 9.3-RELEASE-p27)
> CVE Name:       CVE-2015-7236
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B821DB04-67A9-4F7C-85E1-8ABCF72C6D46>