Key information

Topic: rpcbind(8) remote denial of service [REVISED]
Category: Core
Module: rpcbind
Announced On: 2015-09-29, revised on 2015-10-02
Affects: All supported versions of FreeBSD
Corrected On: 2015-10-02 (various fixes for different release versions)
CVE Name: CVE-2015-7236

Problem Description: In rpcbind(8), a memcpy operation is performed without adequate length checks, which allows a remote attacker to craft packets that crash the rpcbind(8) daemon.

Impact: Remote attackers can cause the rpcbind(8) daemon to crash, resulting in a denial of service condition.

Workaround: No direct workaround is available; the recommendation is to configure systems so that RPC services are not exposed to untrusted networks.

Solution: Upgrade or apply patches to the affected FreeBSD versions/branches.

References: CVE entry and Bugzilla report links for further information.